Hello Malwarebytes Forum,

I think I may have a possible malware infection, but I'm not sure. The problem is that lately, as in the past couple days, whenever I try to open my Firefox or Chrome, both browsers close by themselves within a couple seconds, without any warnings or crash reports. The only browser that works is Internet Explorer. This is after about a month of Facebook getting me redirects which Firefox stopped. Reinstalling, running anti-virus and anti-malware software did nothing to stop the problem. The only thing that seems to help is restarting the computer. The browsers work after a restart, but after I close them and run another program, such as a Total War game, the browsers begin this odd behavior again, rendering them unusable. I've come to the conclusion that it's probably some sort of malware infection that's preventing my browsers from working, as nothing else is alleviating the problem. Hopefully you guys can help me nail down if this is a malware infection or not.

I've attached both the Attach.txt file and the DDS.txt file. Thank you in advance for helping me.

Attach.txt

DDS.txt

Link to post

Hello carwrex and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

Link to post
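A small triage script for the report described in the post above, added here as an example and not part of the original posts or of TDSSKiller: it pulls every object that was not marked ok out of a log, attaches the MD5 and path logged for that object, and separates the generic UnsignedFile/HiddenFile verdicts from anything else. The line layout, the verdict grouping and the sample lines are assumptions constructed for this example.

```python
import re

# Assumed line layout (timestamp, thread id, then one of):
#   <object> (<md5>) <path>            object being checked
#   <object> - ok                      clean verdict
#   <object> ( <verdict> ) - <level>   finding
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
OBJECT_RE = re.compile(
    _PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")
FINDING_RE = re.compile(
    _PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")

# Verdict families this example treats as generic heuristics
# (grouping is an assumption of the example, not a vendor classification).
HEURISTIC_PREFIXES = ("UnsignedFile.", "HiddenFile.")

# Constructed sample input; names, hashes and paths are placeholders, and
# "Placeholder.Verdict.Example" is not a real verdict name.
SAMPLE_LOG = r"""
12:00:01.0100 1234 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
12:00:01.0150 1234 ExampleDrv - ok
12:00:02.0200 1234 VendorHelper (11111111111111111111111111111111) C:\Program Files\Vendor\helper.exe
12:00:02.0250 1234 VendorHelper ( UnsignedFile.Multi.Generic ) - warning
12:00:02.0251 1234 VendorHelper - detected UnsignedFile.Multi.Generic (1)
12:00:03.0300 1234 Vendor Net Svc (22222222222222222222222222222222) c:\program files\vendor\net.dll
12:00:03.0310 1234 Suspicious file (Hidden): c:\program files\vendor\net.dll. md5: 22222222222222222222222222222222
12:00:03.0320 1234 Vendor Net Svc ( HiddenFile.Multi.Generic ) - warning
12:00:03.0321 1234 Vendor Net Svc - detected HiddenFile.Multi.Generic (1)
12:00:04.0400 1234 NoImageSvc - ok
12:00:05.0500 1234 OtherObj (33333333333333333333333333333333) C:\Example\other.sys
12:00:05.0550 1234 OtherObj ( Placeholder.Verdict.Example ) - warning
"""


def parse_log(text):
    """Return (ok_count, findings).

    Each finding carries the md5 and path from the object line that
    preceded it, or None when no such line was logged for that object.
    """
    objects = {}
    findings = []
    ok_count = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies of these logs are often double-spaced
        m = FINDING_RE.match(line)
        if m:
            seen = objects.get(m["name"], {})
            findings.append({
                "name": m["name"],
                "verdict": m["verdict"],
                "level": m["level"],
                "md5": seen.get("md5"),
                "path": seen.get("path"),
            })
            continue
        m = OBJECT_RE.match(line)
        if m:
            objects[m["name"]] = {"md5": m["md5"].lower(), "path": m["path"]}
            continue
        if OK_RE.match(line):
            ok_count += 1
    return ok_count, findings


def split_findings(findings):
    """Separate generic-heuristic verdicts from everything else."""
    heuristic, other = [], []
    for f in findings:
        if f["verdict"].startswith(HEURISTIC_PREFIXES):
            heuristic.append(f)
        else:
            other.append(f)
    return heuristic, other


if __name__ == "__main__":
    ok_count, findings = parse_log(SAMPLE_LOG)
    heuristic, other = split_findings(findings)
    print(f"{ok_count} objects ok, {len(findings)} findings")
    # Non-heuristic verdicts are listed first so they get reviewed first.
    for f in other + heuristic:
        print(f'{f["level"]:8} {f["verdict"]:32} {f["name"]}  {f["md5"]}  {f["path"]}')
```
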

Thank you Maniac for helping me! I guess I'll be going with the cleaning option for now, since I'm not sure if this is malware or not. But if it gets very serious, and the chance of removing it is low, then I'll probably go with the clean install option. I have some questions about that, but I guess I'll save those for later.

Here is the TDSSKiller log


12:29:07.0038 8184 megasas - ok

12:29:07.0073 8184 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys

12:29:07.0095 8184 mferkdk - ok

12:29:07.0164 8184 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys

12:29:07.0183 8184 mfesmfk - ok

12:29:07.0241 8184 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

12:29:07.0312 8184 MMCSS - ok

12:29:07.0350 8184 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

12:29:07.0410 8184 Modem - ok

12:29:07.0443 8184 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

12:29:07.0481 8184 monitor - ok

12:29:07.0512 8184 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

12:29:07.0532 8184 mouclass - ok

12:29:07.0555 8184 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

12:29:07.0606 8184 mouhid - ok

12:29:07.0644 8184 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

12:29:07.0664 8184 MountMgr - ok

12:29:07.0712 8184 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

12:29:07.0734 8184 MozillaMaintenance - ok

12:29:07.0758 8184 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

12:29:07.0779 8184 mpio - ok

12:29:07.0814 8184 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

12:29:07.0844 8184 mpsdrv - ok

12:29:07.0893 8184 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

12:29:07.0985 8184 MpsSvc - ok

12:29:08.0033 8184 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

12:29:08.0052 8184 Mraid35x - ok

12:29:08.0104 8184 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

12:29:08.0153 8184 MRxDAV - ok

12:29:08.0200 8184 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:29:08.0287 8184 mrxsmb - ok

12:29:08.0329 8184 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:29:08.0366 8184 mrxsmb10 - ok

12:29:08.0411 8184 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:29:08.0451 8184 mrxsmb20 - ok

12:29:08.0496 8184 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys

12:29:08.0520 8184 msahci - ok

12:29:08.0539 8184 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

12:29:08.0559 8184 msdsm - ok

12:29:08.0598 8184 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

12:29:08.0664 8184 MSDTC - ok

12:29:08.0722 8184 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

12:29:08.0770 8184 Msfs - ok

12:29:08.0807 8184 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

12:29:08.0828 8184 msisadrv - ok

12:29:08.0872 8184 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

12:29:08.0928 8184 MSiSCSI - ok

12:29:08.0934 8184 msiserver - ok

12:29:08.0977 8184 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

12:29:09.0035 8184 MSKSSRV - ok

12:29:09.0060 8184 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

12:29:09.0096 8184 MSPCLOCK - ok

12:29:09.0127 8184 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

12:29:09.0175 8184 MSPQM - ok

12:29:09.0213 8184 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

12:29:09.0251 8184 MsRPC - ok

12:29:09.0294 8184 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

12:29:09.0315 8184 mssmbios - ok

12:29:09.0355 8184 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

12:29:09.0403 8184 MSTEE - ok

12:29:09.0462 8184 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

12:29:09.0484 8184 Mup - ok

12:29:09.0642 8184 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

12:29:09.0665 8184 N360 - ok

12:29:09.0709 8184 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

12:29:09.0774 8184 napagent - ok

12:29:09.0812 8184 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

12:29:09.0859 8184 NativeWifiP - ok

12:29:10.0051 8184 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120607.034\NAVENG.SYS

12:29:10.0072 8184 NAVENG - ok

12:29:10.0177 8184 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120607.034\NAVEX15.SYS

12:29:10.0276 8184 NAVEX15 - ok

12:29:10.0426 8184 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

12:29:10.0499 8184 NDIS - ok

12:29:10.0540 8184 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

12:29:10.0603 8184 NdisTapi - ok

12:29:10.0628 8184 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

12:29:10.0665 8184 Ndisuio - ok

12:29:10.0709 8184 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

12:29:10.0764 8184 NdisWan - ok

12:29:10.0798 8184 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

12:29:10.0827 8184 NDProxy - ok

12:29:10.0861 8184 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

12:29:10.0898 8184 NetBIOS - ok

12:29:10.0964 8184 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

12:29:11.0007 8184 netbt - ok

12:29:11.0032 8184 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

12:29:11.0054 8184 Netlogon - ok

12:29:11.0120 8184 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

12:29:11.0197 8184 Netman - ok

12:29:11.0323 8184 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

12:29:11.0353 8184 NetMsmqActivator - ok

12:29:11.0372 8184 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

12:29:11.0396 8184 NetPipeActivator - ok

12:29:11.0452 8184 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

12:29:11.0586 8184 netprofm - ok

12:29:11.0622 8184 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

12:29:11.0645 8184 NetTcpActivator - ok

12:29:11.0664 8184 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

12:29:11.0722 8184 NetTcpPortSharing - ok

12:29:11.0769 8184 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

12:29:11.0804 8184 nfrd960 - ok

12:29:11.0872 8184 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

12:29:11.0933 8184 NlaSvc - ok

12:29:11.0972 8184 NPF (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\DRIVERS\npf.sys

12:29:11.0994 8184 NPF - ok

12:29:12.0064 8184 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

12:29:12.0144 8184 Npfs - ok

12:29:12.0178 8184 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

12:29:12.0236 8184 nsi - ok

12:29:12.0282 8184 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

12:29:12.0349 8184 nsiproxy - ok

12:29:12.0463 8184 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

12:29:12.0595 8184 Ntfs - ok

12:29:12.0647 8184 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

12:29:12.0715 8184 ntrigdigi - ok

12:29:12.0749 8184 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys

12:29:12.0766 8184 NuidFltr - ok

12:29:12.0792 8184 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

12:29:12.0840 8184 Null - ok

12:29:12.0874 8184 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

12:29:12.0897 8184 nvraid - ok

12:29:12.0920 8184 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys

12:29:12.0975 8184 nvstor - ok

12:29:13.0016 8184 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys

12:29:13.0036 8184 nvstor32 - ok

12:29:13.0089 8184 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

12:29:13.0120 8184 nv_agp - ok

12:29:13.0132 8184 NwlnkFlt - ok

12:29:13.0153 8184 NwlnkFwd - ok

12:29:13.0286 8184 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

12:29:13.0322 8184 odserv - ok

12:29:13.0420 8184 oflpydin - ok

12:29:13.0464 8184 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

12:29:13.0534 8184 ohci1394 - ok

12:29:13.0572 8184 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:29:13.0605 8184 ose - ok

12:29:13.0715 8184 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

12:29:13.0838 8184 p2pimsvc - ok

12:29:13.0852 8184 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

12:29:13.0900 8184 p2psvc - ok

12:29:13.0931 8184 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

12:29:13.0994 8184 Parport - ok

12:29:14.0020 8184 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys

12:29:14.0044 8184 partmgr - ok

12:29:14.0063 8184 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

12:29:14.0126 8184 Parvdm - ok

12:29:14.0154 8184 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

12:29:14.0198 8184 PcaSvc - ok

12:29:14.0247 8184 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

12:29:14.0278 8184 pci - ok

12:29:14.0311 8184 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys

12:29:14.0330 8184 pciide - ok

12:29:14.0367 8184 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

12:29:14.0397 8184 pcmcia - ok

12:29:14.0451 8184 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

12:29:14.0561 8184 PEAUTH - ok

12:29:14.0689 8184 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

12:29:14.0814 8184 pla - ok

12:29:14.0922 8184 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

12:29:14.0963 8184 PlugPlay - ok

12:29:15.0011 8184 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\Windows\system32\PnkBstrA.exe

12:29:15.0032 8184 PnkBstrA - ok

12:29:15.0067 8184 PnkBstrB (27f1be4a53441c9f1f48b9adc145b0a5) C:\Windows\system32\PnkBstrB.exe

12:29:15.0095 8184 PnkBstrB - ok

12:29:15.0149 8184 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

12:29:15.0185 8184 PNRPAutoReg - ok

12:29:15.0197 8184 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

12:29:15.0232 8184 PNRPsvc - ok

12:29:15.0284 8184 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys

12:29:15.0307 8184 Point32 - ok

12:29:15.0358 8184 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

12:29:15.0447 8184 PolicyAgent - ok

12:29:15.0497 8184 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

12:29:15.0560 8184 PptpMiniport - ok

12:29:15.0595 8184 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

12:29:15.0673 8184 Processor - ok

12:29:15.0721 8184 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

12:29:15.0762 8184 ProfSvc - ok

12:29:15.0791 8184 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

12:29:15.0813 8184 ProtectedStorage - ok

12:29:15.0849 8184 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

12:29:15.0893 8184 PSched - ok

12:29:15.0927 8184 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys

12:29:15.0946 8184 PSI - ok

12:29:16.0005 8184 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys

12:29:16.0026 8184 PxHelp20 - ok

12:29:16.0097 8184 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

12:29:16.0164 8184 ql2300 - ok

12:29:16.0219 8184 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

12:29:16.0250 8184 ql40xx - ok

12:29:16.0305 8184 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

12:29:16.0349 8184 QWAVE - ok

12:29:16.0378 8184 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

12:29:16.0411 8184 QWAVEdrv - ok

12:29:16.0948 8184 R300 (70eb74785ab7fc603fef19d87b7a7946) C:\Windows\system32\DRIVERS\atikmdag.sys

12:29:17.0295 8184 R300 - ok

12:29:17.0411 8184 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

12:29:17.0465 8184 RasAcd - ok

12:29:17.0518 8184 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

12:29:17.0596 8184 RasAuto - ok

12:29:17.0632 8184 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

12:29:17.0669 8184 Rasl2tp - ok

12:29:17.0736 8184 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

12:29:17.0782 8184 RasMan - ok

12:29:17.0808 8184 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

12:29:17.0850 8184 RasPppoe - ok

12:29:17.0883 8184 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

12:29:17.0915 8184 RasSstp - ok

12:29:17.0958 8184 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

12:29:17.0996 8184 rdbss - ok

12:29:18.0027 8184 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

12:29:18.0074 8184 RDPCDD - ok

12:29:18.0121 8184 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys

12:29:18.0168 8184 rdpdr - ok

12:29:18.0195 8184 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

12:29:18.0244 8184 RDPENCDD - ok

12:29:18.0287 8184 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

12:29:18.0358 8184 RDPWD - ok

12:29:18.0397 8184 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

12:29:18.0444 8184 RemoteAccess - ok

12:29:18.0492 8184 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

12:29:18.0557 8184 RemoteRegistry - ok

12:29:18.0722 8184 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

12:29:18.0817 8184 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning

12:29:18.0817 8184 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)

12:29:18.0851 8184 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

12:29:18.0872 8184 RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning

12:29:18.0872 8184 RoxWatch9 - detected UnsignedFile.Multi.Generic (1)

12:29:23.0321 8184 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\Windows\System32\Drivers\sptd.sys

12:29:23.0322 8184 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46

12:29:23.0324 8184 sptd ( LockedFile.Multi.Generic ) - warning

12:29:23.0324 8184 sptd - detected LockedFile.Multi.Generic (1)

12:29:24.0357 8184 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

12:29:24.0387 8184 stllssvr ( UnsignedFile.Multi.Generic ) - warning

12:29:24.0387 8184 stllssvr - detected UnsignedFile.Multi.Generic (1)


12:29:30.0351 8184 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

12:29:30.0425 8184 Wecsvc - ok

12:29:30.0456 8184 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

12:29:30.0508 8184 wercplsupport - ok

12:29:30.0567 8184 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

12:29:30.0609 8184 WerSvc - ok

12:29:30.0675 8184 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

12:29:30.0805 8184 winachsf - ok

12:29:30.0920 8184 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

12:29:30.0958 8184 WinDefend - ok

12:29:30.0975 8184 WinHttpAutoProxySvc - ok

12:29:31.0042 8184 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

12:29:31.0086 8184 Winmgmt - ok

12:29:31.0166 8184 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys

12:29:31.0186 8184 WinRing0_1_2_0 - ok

12:29:31.0283 8184 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

12:29:31.0375 8184 WinRM - ok

12:29:31.0489 8184 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS

12:29:31.0541 8184 winusb - ok

12:29:31.0612 8184 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

12:29:31.0696 8184 Wlansvc - ok

12:29:31.0818 8184 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

12:29:31.0836 8184 wlcrasvc - ok

12:29:31.0977 8184 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

12:29:32.0082 8184 wlidsvc - ok

12:29:32.0196 8184 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

12:29:32.0258 8184 WmiAcpi - ok

12:29:32.0328 8184 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

12:29:32.0387 8184 wmiApSrv - ok

12:29:32.0512 8184 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

12:29:32.0623 8184 WMPNetworkSvc - ok

12:29:32.0707 8184 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

12:29:32.0804 8184 WPCSvc - ok

12:29:32.0841 8184 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

12:29:32.0915 8184 WPDBusEnum - ok

12:29:32.0972 8184 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

12:29:32.0997 8184 WpdUsb - ok

12:29:33.0149 8184 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

12:29:33.0206 8184 WPFFontCache_v0400 - ok

12:29:33.0244 8184 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

12:29:33.0286 8184 ws2ifsl - ok

12:29:33.0317 8184 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll

12:29:33.0353 8184 wscsvc - ok

12:29:33.0361 8184 WSearch - ok

12:29:33.0504 8184 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

12:29:33.0618 8184 wuauserv - ok

12:29:33.0728 8184 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

12:29:33.0797 8184 WUDFRd - ok

12:29:33.0843 8184 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

12:29:33.0895 8184 wudfsvc - ok

12:29:33.0953 8184 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

12:29:33.0973 8184 XAudio - ok

12:29:34.0026 8184 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe

12:29:34.0092 8184 XAudioService - ok

12:29:34.0153 8184 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

12:29:34.0599 8184 \Device\Harddisk0\DR0 - ok

12:29:34.0611 8184 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

12:29:34.0757 8184 \Device\Harddisk1\DR1 - ok

12:29:34.0801 8184 Boot (0x1200) (ad346c5dd952b3d4976cefe795f2afbf) \Device\Harddisk0\DR0\Partition0

12:29:34.0814 8184 \Device\Harddisk0\DR0\Partition0 - ok

12:29:34.0831 8184 Boot (0x1200) (aa4b7439b1345c06a5039d38294115ad) \Device\Harddisk0\DR0\Partition1

12:29:34.0839 8184 \Device\Harddisk0\DR0\Partition1 - ok

12:29:34.0852 8184 Boot (0x1200) (f2439314d7d529457ec2b0cc507c39f6) \Device\Harddisk1\DR1\Partition0

12:29:34.0853 8184 \Device\Harddisk1\DR1\Partition0 - ok

12:29:34.0861 8184 ============================================================

12:29:34.0862 8184 Scan finished

12:29:34.0862 8184 ============================================================

12:29:34.0892 4448 Detected object count: 9

12:29:34.0892 4448 Actual detected object count: 9

12:30:35.0015 4448 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

12:30:35.0015 4448 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

12:30:35.0020 4448 DSBrokerService ( UnsignedFile.Multi.Generic ) - skipped by user

12:30:35.0022 4448 DSBrokerService ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:30:35.0026 4448 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user

12:30:35.0026 4448 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:30:35.0032 4448 dsunidrv ( UnsignedFile.Multi.Generic ) - skipped by user

12:30:35.0032 4448 dsunidrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:30:35.0037 4448 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

12:30:35.0038 4448 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:30:35.0043 4448 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user

12:30:35.0043 4448 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:30:35.0044 4448 RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user

12:30:35.0044 4448 RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:30:35.0052 4448 sptd ( LockedFile.Multi.Generic ) - skipped by user

12:30:35.0052 4448 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

12:30:35.0058 4448 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user

12:30:35.0058 4448 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:31:43.0032 5924 Deinitialize success

Here is the Malwarebytes' Anti-Malware log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.08.04

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19222

Joecool :: JOE [limited]

Protection: Disabled

6/8/2012 12:33:42 PM

mbam-log-2012-06-08 (12-33-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 246086

Time elapsed: 11 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


And here is the fresh DDS log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19222

Run by Joecool at 12:50:45 on 2012-06-08

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\atieclxx.exe

c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

C:\Windows\system32\iashost.exe

C:\Users\Joecool\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\IObit\Game Booster 3\gbtray.exe

C:\Program Files\SFT\GuardedID\gidd.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AskBarDis\bar\bin\AskService.exe

C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

C:\Windows\system32\dlbucoms.exe

C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\explorer.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\sttray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Joecool\AppData\Local\Akamai\netsession_win.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe

C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe

C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe

C:\Users\Joecool\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe

C:\Users\Joecool\AppData\Local\Akamai\netsession_win.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Program Files\Secunia\PSI\PSI_TRAY.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\prevhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Constant Guard Protection Suite\IDVault.exe

C:\Users\Joecool\Desktop\dds.scr

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k Akamai

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uWindow Title = Internet Explorer provided by Dell

uStart Page = about:blank

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070504

mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070504

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.1.3\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\programdata\white sky, inc\id vault\iebho1.1.517.3\NativeBHO.dll

TB: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [Akamai NetSession Interface] "c:\users\joecool\appdata\local\akamai\netsession_win.exe"

uRun: [Google Update] "c:\users\joecool\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [skyDrive] "c:\users\joecool\appdata\local\microsoft\skydrive\SkyDrive.exe" /background

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBUtime.dll,_RunDLLEntry@16

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [sigmatelSysTrayApp] sttray.exe

mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB

TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

TCP: Interfaces\{C2C6E0AE-A802-4789-B19F-B95E0DB6F417} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

TCP: Interfaces\{F97EF8F4-5B7B-4D60-A93D-31E51F9A72EF} : DhcpNameServer = 68.87.72.134 68.87.77.134

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

STS: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - No File

STS: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - No File

STS: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - No File

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\joecool\appdata\roaming\mozilla\firefox\profiles\ujbsj46j.default\

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\joecool\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service

R? AODDriver4.0;AODDriver4.0

R? BCMH43XX;Broadcom 802.11 USB Network Adapter Driver

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? cpudrv;cpudrv

R? fssfltr;fssfltr

R? fsssvc;Windows Live Family Safety Service

R? gupdate1c9a37b9340a128;Google Update Service (gupdate1c9a37b9340a128)

R? gupdatem;Google Update Service (gupdatem)

R? Linksys_adapter;Linksys Adapter Network Driver

R? mdf15;mdf15

R? mferkdk;McAfee Inc. mferkdk

R? mfesmfk;McAfee Inc. mfesmfk

R? MozillaMaintenance;Mozilla Maintenance Service

R? NPF;Netgroup Packet Filter

R? oflpydin;oflpydin

R? SkypeUpdate;Skype Updater

R? wlcrasvc;Windows Live Mesh remote connections service

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? !SASCORE;SAS Core Service

S? AdobeARMservice;Adobe Acrobat Update Service

S? Akamai;Akamai NetSession Interface

S? AMD External Events Utility;AMD External Events Utility

S? AMD FUEL Service;AMD FUEL Service

S? amdiox86;AMD IO Driver

S? amdkmdag;amdkmdag

S? amdkmdap;amdkmdap

S? ASKService;ASKService

S? ASKUpgrade;ASKUpgrade

S? AtiHDAudioService;AMD Function Driver for HD Audio Service

S? BHDrvx86;BHDrvx86

S? EraserUtilRebootDrv;EraserUtilRebootDrv

S? FontCache;Windows Font Cache Service

S? GIDv2;GIDv2

S? IDSVix86;IDSVix86

S? IDVaultSvc;CGPS Service

S? MBAMProtector;MBAMProtector

S? MBAMService;MBAMService

S? MBAMSwissArmy;MBAMSwissArmy

S? N360;Norton Security Suite

S? PSI;PSI

S? SASDIFSV;SASDIFSV

S? SASKUTIL;SASKUTIL

S? Secunia PSI Agent;Secunia PSI Agent

S? Secunia Update Agent;Secunia Update Agent

S? SymDS;Symantec Data Store

S? SymEFA;Symantec Extended File Attributes

S? SymIRON;Symantec Iron Driver

S? SYMTDIv;Symantec Vista Network Dispatch Driver

S? WinRing0_1_2_0;WinRing0_1_2_0

.

=============== Created Last 30 ================

.

2012-06-08 17:31:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-06-08 07:18:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1256ce45-35d4-4d80-842c-80d38363b886}\offreg.dll

2012-06-08 07:07:30 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1256ce45-35d4-4d80-842c-80d38363b886}\mpengine.dll

2012-06-08 00:50:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-06-08 00:50:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-06-08 00:50:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-06-08 00:50:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-06-08 00:50:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-06-08 00:50:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-06-08 00:50:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2012-06-08 00:43:28 -------- d-----w- c:\program files\Bonjour Print Services

2012-06-08 00:42:53 -------- d-----w- c:\program files\Bonjour

2012-06-08 00:30:58 -------- d-----w- c:\users\joecool\appdata\local\Secunia PSI

2012-06-08 00:30:48 -------- d-----w- c:\program files\Secunia

2012-06-07 20:40:15 -------- d-sh--w- C:\$RECYCLE.BIN

2012-06-07 02:18:01 11035168 ----a-w- c:\program files\common files\lpuninstall.exe

2012-06-07 02:17:56 -------- d-----w- c:\program files\LastPass

2012-06-07 01:25:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-06-06 22:25:15 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-06 08:09:11 -------- d-----w- c:\programdata\HitmanPro

2012-06-06 08:02:04 -------- d-----w- c:\users\joecool\appdata\roaming\SUPERAntiSpyware.com

2012-06-06 08:01:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-06 08:01:42 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-01 22:55:50 -------- d-----w- c:\program files\AMD APP

2012-06-01 22:42:45 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2012-06-01 22:42:38 19753984 ----a-w- c:\windows\system32\atioglxx.dll

2012-06-01 22:42:36 37376 ----a-w- c:\windows\system32\atitmpxx.dll

2012-06-01 22:42:34 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-01 22:42:34 217600 ----a-w- c:\windows\system32\atiesrxx.exe

2012-05-31 01:45:02 -------- d-----w- c:\users\joecool\appdata\roaming\.Nitrous

2012-05-11 20:24:59 2044928 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-06-07 02:40:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-07 02:40:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-01 22:44:09 13764096 ----a-w- c:\windows\system32\aticaldd.dll

2012-06-01 22:42:34 83984 ----a-w- c:\windows\system32\drivers\AtihdLH3.sys

2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-11 04:31:54 2303488 ----a-w- c:\windows\system32\python27.dll

2012-04-06 03:34:22 159232 ----a-w- c:\windows\system32\clinfo.exe

2012-04-06 03:34:04 64512 ----a-w- c:\windows\system32\OpenVideo.dll

2012-04-06 03:33:52 56320 ----a-w- c:\windows\system32\OVDecode.dll

2012-04-06 03:32:56 13007872 ----a-w- c:\windows\system32\amdocl.dll

2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.0.6002

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user != kernel MBR !!!

.

============= FINISH: 12:56:53.23 ===============


Ask them when you are ready. :)

Step 1

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Step 2

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • ComboFix log
  • aswMBR log


Alrighty, here's the ComboFix log

ComboFix 12-06-08.02 - Joecool 06/08/2012 17:22:19.1.2 - x86

Running from: c:\users\Joecool\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Joecool\AppData\Roaming\5f3fc5be.dat

c:\windows\system32\%SYSTE~1

c:\windows\system32\%SYSTE~1\ProgramData\Microsoft\Windows\WER\ReportArchive\Report14a61e27\Report.wer

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))

.

.

2012-06-08 22:35 . 2012-06-08 22:35 -------- d-----w- c:\users\ibryer\AppData\Local\temp

2012-06-08 22:35 . 2012-06-08 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-08 01:02 . 2012-06-08 01:02 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-06-08 00:49 . 2012-06-08 00:50 -------- d-----w- c:\program files\QuickTime

2012-06-08 00:43 . 2012-06-08 00:43 -------- d-----w- c:\program files\Bonjour Print Services

2012-06-08 00:42 . 2012-06-08 00:42 -------- d-----w- c:\program files\Bonjour

2012-06-08 00:30 . 2012-06-08 00:30 -------- d-----w- c:\users\Joecool\AppData\Local\Secunia PSI

2012-06-08 00:30 . 2012-06-08 00:30 -------- d-----w- c:\program files\Secunia

2012-06-07 02:34 . 2012-06-07 02:34 -------- d-----w- c:\program files\Java

2012-06-07 02:18 . 2012-06-07 02:18 11035168 ----a-w- c:\program files\Common Files\lpuninstall.exe

2012-06-07 02:17 . 2012-06-07 02:18 -------- d-----w- c:\program files\LastPass

2012-06-07 01:25 . 2012-06-07 19:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-06-06 22:25 . 2012-06-08 01:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-06 08:09 . 2012-06-06 22:40 -------- d-----w- c:\programdata\HitmanPro

2012-06-06 08:02 . 2012-06-06 08:02 -------- d-----w- c:\users\Joecool\AppData\Roaming\SUPERAntiSpyware.com

2012-06-06 08:01 . 2012-06-06 08:02 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-06 08:01 . 2012-06-06 08:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-01 22:56 . 2012-06-01 22:56 -------- d-----w- c:\programdata\ATI

2012-06-01 22:55 . 2012-06-01 22:55 -------- d-----w- c:\program files\AMD APP

2012-06-01 22:42 . 2012-06-01 22:42 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2012-06-01 22:42 . 2012-06-01 22:43 19753984 ----a-w- c:\windows\system32\atioglxx.dll

2012-06-01 22:42 . 2012-06-01 22:42 37376 ----a-w- c:\windows\system32\atitmpxx.dll

2012-06-01 22:42 . 2012-06-01 22:42 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-01 22:42 . 2012-06-01 22:42 217600 ----a-w- c:\windows\system32\atiesrxx.exe

2012-05-31 01:45 . 2012-05-31 19:06 -------- d-----w- c:\users\Joecool\AppData\Roaming\.Nitrous

2012-05-11 20:24 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-08 07:18 . 2012-06-08 07:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1256CE45-35D4-4D80-842C-80D38363B886}\offreg.dll

2012-06-07 02:40 . 2012-04-12 01:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-07 02:40 . 2011-06-26 16:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-01 22:43 . 2010-02-03 03:55 6203392 ----a-w- c:\windows\system32\atiumdag.dll

2012-06-01 22:43 . 2011-06-28 23:48 4795904 ----a-w- c:\windows\system32\atiumdva.dll

2012-06-01 22:43 . 2010-02-03 03:23 52736 ----a-w- c:\windows\system32\coinst.dll

2012-06-01 22:43 . 2010-02-03 03:22 32256 ----a-w- c:\windows\system32\atiu9pag.dll

2012-06-01 22:43 . 2010-08-26 02:01 909312 ----a-w- c:\windows\system32\aticfx32.dll

2012-06-01 22:42 . 2012-03-23 02:27 83984 ----a-w- c:\windows\system32\drivers\AtihdLH3.sys

2012-05-08 16:40 . 2012-06-08 07:07 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1256CE45-35D4-4D80-842C-80D38363B886}\mpengine.dll

2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-11 04:31 . 2012-04-11 04:31 2303488 ----a-w- c:\windows\system32\python27.dll

2012-04-06 03:34 . 2012-04-06 03:34 159232 ----a-w- c:\windows\system32\clinfo.exe

2012-04-06 03:34 . 2012-04-06 03:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll

2012-04-06 03:33 . 2012-04-06 03:33 56320 ----a-w- c:\windows\system32\OVDecode.dll

2012-04-06 03:32 . 2012-04-06 03:32 13007872 ----a-w- c:\windows\system32\amdocl.dll

2012-04-04 20:56 . 2009-09-13 01:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-01 15:40 . 2012-06-08 01:02 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-06-01 23:06 208608 ----a-w- c:\users\Joecool\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-06-01 23:06 208608 ----a-w- c:\users\Joecool\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-06-01 23:06 208608 ----a-w- c:\users\Joecool\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"Steam"="c:\program files\Steam\steam.exe" [2011-11-21 1242448]

"Akamai NetSession Interface"="c:\users\Joecool\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]

"SkyDrive"="c:\users\Joecool\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-06-01 296672]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"DLBUCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2007-02-12 73728]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk

backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Joecool^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]

path=c:\users\Joecool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk

backup=c:\windows\pss\CNET TechTracker.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Joecool^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\Joecool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Joecool^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Joecool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLRebootNeeded]

/s [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2006-11-12 07:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 07:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-04-05 16:41 17356424 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-11-21 00:25 1242448 ----a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 257696]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - IPNAT

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]

2011-07-05 15:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 02:40]

.

2011-12-12 c:\windows\Tasks\Defraggler Volume C Task.job

- c:\program files\Defraggler\df.exe [2011-11-08 09:12]

.

2011-09-17 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 19:29]

.

2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc5e18bc2c36c4.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 01:32]

.

2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc5e18bc79ba84.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 01:32]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-615918264-1738823626-3537891774-1000Core.job

- c:\users\Joecool\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 22:10]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-615918264-1738823626-3537891774-1000UA.job

- c:\users\Joecool\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 22:10]

.

2012-03-17 c:\windows\Tasks\User_Feed_Synchronization-{782D4CFA-2397-4DCA-9C78-4473E8DD3873}.job

- c:\windows\system32\msfeedssync.exe [2012-04-10 08:09]

.

2011-07-01 c:\windows\Tasks\User_Feed_Synchronization-{DF39FEA7-DB07-4B87-99F3-36A63141323E}.job

- c:\windows\system32\msfeedssync.exe [2012-04-10 08:09]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms

TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Joecool\AppData\Roaming\Mozilla\Firefox\Profiles\ujbsj46j.default\

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe

MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBUCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,fe,81,3f,27,50,31,42,bc,ee,15,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,fe,81,3f,27,50,31,42,bc,ee,15,\

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:cb,1c,63,e2,02,45,06,6f,c9,4b,1e,b3,a5,05,ce,1d,d2,e1,6a,a6,90,1f,c5,

a2,a5,b5,c5,66,24,d6,91,64,d7,c0,20,41,43,05,55,ab,96,79,08,e2,0e,cb,dc,3d,\

"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

.

[HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000\Software\SecuROM\License information*]

"datasecu"=hex:28,e6,12,38,be,7d,cc,a4,95,75,1c,4e,b7,10,11,0f,80,1d,7a,c6,a9,

5f,06,d7,8c,84,28,83,b8,3c,f1,33,92,2a,37,eb,76,d1,aa,50,b2,48,13,62,c7,61,\

"rkeysecu"=hex:79,49,72,d9,f1,f1,8b,99,cd,48,02,05,55,8b,ec,6c

.

[HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):f2,43,1d,cf,a6,7d,01,f4,2c,a4,44,19,cf,63,07,96,26,ea,92,d7,58,

6e,92,6b,26,cf,de,f8,b6,a1,e3,9d,e0,61,9d,09,78,1f,9e,66,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000_Classes\CLSID\{9a4700c4-efb7-401b-896c-016b03531262}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000013a

"Therad"=dword:00000006

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3448)

c:\windows\system32\GIDHook.dll

c:\windows\system32\GIDBIN1.dll

c:\windows\system32\EasyHook32.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atiesrxx.exe

c:\windows\system32\atieclxx.exe

c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\AskBarDis\bar\bin\AskService.exe

c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\dlbucoms.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\program files\Secunia\PSI\PSIA.exe

c:\program files\Secunia\PSI\sua.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

c:\windows\system32\iashost.exe

c:\program files\Constant Guard Protection Suite\IDVault.exe

c:\windows\system32\DllHost.exe

c:\windows\sttray.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\msiexec.exe

c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe

c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe

c:\program files\Secunia\PSI\psi_tray.exe

c:\users\Joecool\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Microsoft IntelliType Pro\dpupdchk.exe

c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-06-08 17:53:19 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-08 22:52

.

Pre-Run: 26,816,704,512 bytes free

Post-Run: 26,396,409,856 bytes free

.

- - End Of File - - D5248AB413DF49B27C95664CFBE1AB0C

And here's the aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-08 17:54:23

-----------------------------

17:54:23.038 OS Version: Windows 6.0.6002 Service Pack 2

17:54:23.039 Number of processors: 2 586 0x6B01

17:54:23.040 ComputerName: JOE UserName:

17:54:25.013 Initialize success

17:54:45.120 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a

17:54:45.123 Disk 0 Vendor: Size: 0MB BusType: 0

17:54:45.126 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007f

17:54:45.129 Disk 1 Vendor: Size: 0MB BusType: 0

17:54:45.157 Disk 0 MBR read successfully

17:54:45.160 Disk 0 MBR scan

17:54:45.164 Disk 0 Windows VISTA default MBR code

17:54:45.168 Disk 0 MBR hidden

17:54:45.182 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63

17:54:45.195 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304

17:54:45.218 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228129 MB offset 21069824

17:54:45.274 Disk 0 scanning C:\Windows\system32\drivers

17:54:58.785 Service scanning

17:55:15.936 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

17:55:21.913 Modules scanning

17:55:35.456 Disk 0 trace - called modules:

17:55:35.478 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x859271e8]<<

17:55:35.485 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c36590]

17:55:35.496 3 CLASSPNP.SYS[8bba58b3] -> nt!IofCallDriver -> [0x86711f08]

17:55:35.503 5 acpi.sys[807226bc] -> nt!IofCallDriver -> \Device\0000006a[0x862e2928]

17:55:35.513 \Driver\nvstor32[0x862d6658] -> IRP_MJ_CREATE -> 0x859271e8

17:55:35.521 Scan finished successfully

17:55:53.294 Disk 0 MBR has been saved successfully to "C:\Users\Joecool\Desktop\MBR.dat"

17:55:53.302 The log file has been saved successfully to "C:\Users\Joecool\Desktop\aswMBR.txt"


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-

DDS::
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Here is the log from the CFScript run:

ComboFix 12-06-08.02 - Joecool 06/09/2012 13:24:17.2.2 - x86

Running from: c:\users\Joecool\Desktop\Anti-Virusalawatrojans\ComboFix.exe

Command switches used :: c:\users\Joecool\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\AskBarDis

c:\program files\AskBarDis\bar\bin\askBar.dll

c:\program files\AskBarDis\bar\bin\askPopStp.dll

c:\program files\AskBarDis\bar\bin\AskService.exe

c:\program files\AskBarDis\bar\bin\AskSplash.exe

c:\program files\AskBarDis\bar\bin\AskTBApp.exe

c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe

c:\program files\AskBarDis\bar\bin\psvince.dll

c:\program files\AskBarDis\bar\Settings\AskLogo.ico

c:\program files\AskBarDis\bar\Settings\config.dat

c:\program files\AskBarDis\bar\Settings\config.dat.bak

c:\program files\AskBarDis\unins000.dat

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_ASKService

-------\Service_ASKUpgrade

-------\Service_ASKService

-------\Service_ASKUpgrade

.

.

((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))

.

.

2012-06-09 18:38 . 2012-06-09 18:43 -------- d-----w- c:\users\Joecool\AppData\Local\temp

2012-06-09 18:38 . 2012-06-09 18:38 -------- d-----w- c:\users\ibryer\AppData\Local\temp

2012-06-08 01:02 . 2012-06-08 01:02 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-08 00:50 . 2012-06-08 00:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-06-08 00:49 . 2012-06-08 00:50 -------- d-----w- c:\program files\QuickTime

2012-06-08 00:43 . 2012-06-08 00:43 -------- d-----w- c:\program files\Bonjour Print Services

2012-06-08 00:42 . 2012-06-08 00:42 -------- d-----w- c:\program files\Bonjour

2012-06-08 00:30 . 2012-06-08 00:30 -------- d-----w- c:\users\Joecool\AppData\Local\Secunia PSI

2012-06-08 00:30 . 2012-06-08 00:30 -------- d-----w- c:\program files\Secunia

2012-06-07 02:34 . 2012-06-07 02:34 -------- d-----w- c:\program files\Java

2012-06-07 02:18 . 2012-06-07 02:18 11035168 ----a-w- c:\program files\Common Files\lpuninstall.exe

2012-06-07 02:17 . 2012-06-07 02:18 -------- d-----w- c:\program files\LastPass

2012-06-07 01:25 . 2012-06-07 19:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-06-06 22:25 . 2012-06-08 01:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-06 08:09 . 2012-06-06 22:40 -------- d-----w- c:\programdata\HitmanPro

2012-06-06 08:02 . 2012-06-06 08:02 -------- d-----w- c:\users\Joecool\AppData\Roaming\SUPERAntiSpyware.com

2012-06-06 08:01 . 2012-06-06 08:02 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-06 08:01 . 2012-06-06 08:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-01 22:56 . 2012-06-01 22:56 -------- d-----w- c:\programdata\ATI

2012-06-01 22:55 . 2012-06-01 22:55 -------- d-----w- c:\program files\AMD APP

2012-06-01 22:42 . 2012-06-01 22:42 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2012-06-01 22:42 . 2012-06-01 22:43 19753984 ----a-w- c:\windows\system32\atioglxx.dll

2012-06-01 22:42 . 2012-06-01 22:42 37376 ----a-w- c:\windows\system32\atitmpxx.dll

2012-06-01 22:42 . 2012-06-01 22:42 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-01 22:42 . 2012-06-01 22:42 217600 ----a-w- c:\windows\system32\atiesrxx.exe

2012-05-31 01:45 . 2012-05-31 19:06 -------- d-----w- c:\users\Joecool\AppData\Roaming\.Nitrous

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-08 07:18 . 2012-06-08 07:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1256CE45-35D4-4D80-842C-80D38363B886}\offreg.dll

2012-06-07 02:40 . 2012-04-12 01:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-07 02:40 . 2011-06-26 16:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-01 22:43 . 2010-02-03 03:55 6203392 ----a-w- c:\windows\system32\atiumdag.dll

2012-06-01 22:43 . 2011-06-28 23:48 4795904 ----a-w- c:\windows\system32\atiumdva.dll

2012-06-01 22:43 . 2010-02-03 03:23 52736 ----a-w- c:\windows\system32\coinst.dll

2012-06-01 22:43 . 2010-02-03 03:22 32256 ----a-w- c:\windows\system32\atiu9pag.dll

2012-06-01 22:43 . 2010-08-26 02:01 909312 ----a-w- c:\windows\system32\aticfx32.dll

2012-06-01 22:42 . 2012-03-23 02:27 83984 ----a-w- c:\windows\system32\drivers\AtihdLH3.sys

2012-05-08 16:40 . 2012-06-08 07:07 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1256CE45-35D4-4D80-842C-80D38363B886}\mpengine.dll

2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-11 04:31 . 2012-04-11 04:31 2303488 ----a-w- c:\windows\system32\python27.dll

2012-04-06 03:34 . 2012-04-06 03:34 159232 ----a-w- c:\windows\system32\clinfo.exe

2012-04-06 03:34 . 2012-04-06 03:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll

2012-04-06 03:33 . 2012-04-06 03:33 56320 ----a-w- c:\windows\system32\OVDecode.dll

2012-04-06 03:32 . 2012-04-06 03:32 13007872 ----a-w- c:\windows\system32\amdocl.dll

2012-04-04 20:56 . 2009-09-13 01:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-02 13:36 . 2012-05-11 20:24 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-06-01 15:40 . 2012-06-08 01:02 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-06-01 23:06 208608 ----a-w- c:\users\Joecool\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-06-01 23:06 208608 ----a-w- c:\users\Joecool\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-06-01 23:06 208608 ----a-w- c:\users\Joecool\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"Steam"="c:\program files\Steam\steam.exe" [2011-11-21 1242448]

"Akamai NetSession Interface"="c:\users\Joecool\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]

"SkyDrive"="c:\users\Joecool\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-06-01 296672]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]

"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2010-02-03 385024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"DLBUCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2007-02-12 73728]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk

backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Joecool^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]

path=c:\users\Joecool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk

backup=c:\windows\pss\CNET TechTracker.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Joecool^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\Joecool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Joecool^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Joecool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLRebootNeeded]

/s [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2006-11-12 07:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 07:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-04-05 16:41 17356424 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-11-21 00:25 1242448 ----a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 257696]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]

2011-07-05 15:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 02:40]

.

2011-12-12 c:\windows\Tasks\Defraggler Volume C Task.job

- c:\program files\Defraggler\df.exe [2011-11-08 09:12]

.

2011-09-17 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 19:29]

.

2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc5e18bc2c36c4.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 01:32]

.

2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc5e18bc79ba84.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 01:32]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-615918264-1738823626-3537891774-1000Core.job

- c:\users\Joecool\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 22:10]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-615918264-1738823626-3537891774-1000UA.job

- c:\users\Joecool\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 22:10]

.

2012-03-17 c:\windows\Tasks\User_Feed_Synchronization-{782D4CFA-2397-4DCA-9C78-4473E8DD3873}.job

- c:\windows\system32\msfeedssync.exe [2012-04-10 08:09]

.

2011-07-01 c:\windows\Tasks\User_Feed_Synchronization-{DF39FEA7-DB07-4B87-99F3-36A63141323E}.job

- c:\windows\system32\msfeedssync.exe [2012-04-10 08:09]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = <local>

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms

TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Joecool\AppData\Roaming\Mozilla\Firefox\Profiles\ujbsj46j.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-09 13:44

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBUCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,fe,81,3f,27,50,31,42,bc,ee,15,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,fe,81,3f,27,50,31,42,bc,ee,15,\

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:cb,1c,63,e2,02,45,06,6f,c9,4b,1e,b3,a5,05,ce,1d,d2,e1,6a,a6,90,1f,c5,

a2,a5,b5,c5,66,24,d6,91,64,d7,c0,20,41,43,05,55,ab,96,79,08,e2,0e,cb,dc,3d,\

"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

.

[HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000\Software\SecuROM\License information*]

"datasecu"=hex:28,e6,12,38,be,7d,cc,a4,95,75,1c,4e,b7,10,11,0f,80,1d,7a,c6,a9,

5f,06,d7,8c,84,28,83,b8,3c,f1,33,92,2a,37,eb,76,d1,aa,50,b2,48,13,62,c7,61,\

"rkeysecu"=hex:79,49,72,d9,f1,f1,8b,99,cd,48,02,05,55,8b,ec,6c

.

[HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):f2,43,1d,cf,a6,7d,01,f4,2c,a4,44,19,cf,63,07,96,26,ea,92,d7,58,

6e,92,6b,26,cf,de,f8,b6,a1,e3,9d,e0,61,9d,09,78,1f,9e,66,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000_Classes\CLSID\{9a4700c4-efb7-401b-896c-016b03531262}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000013a

"Therad"=dword:00000006

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3152)

c:\program files\ATI Technologies\HydraVision\HydraDMH.dll

c:\windows\system32\GIDHook.dll

c:\windows\system32\GIDBIN1.dll

c:\windows\system32\EasyHook32.dll

c:\program files\FileZilla FTP Client\fzshellext.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atiesrxx.exe

c:\windows\system32\atieclxx.exe

c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\dlbucoms.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\program files\Secunia\PSI\PSIA.exe

c:\program files\Secunia\PSI\sua.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe

c:\windows\system32\iashost.exe

c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

c:\windows\system32\DllHost.exe

c:\windows\sttray.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Constant Guard Protection Suite\IDVault.exe

c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe

c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe

c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe

c:\users\Joecool\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Microsoft IntelliType Pro\dpupdchk.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\windows\system32\msiexec.exe

c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-06-09 13:53:06 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-09 18:53

ComboFix2.txt 2012-06-08 22:53

.

Pre-Run: 25,876,586,496 bytes free

Post-Run: 25,879,539,712 bytes free

.

- - End Of File - - D1D8FD376C0C1966D989A469F3C25E9F


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Well, it seems as though things are working. Firefox and Chrome aren't closing after I open them, and I haven't gotten the thing where Firefox stops me from going to my Facebook. So if there was something there, you have nabbed it.

Now, just to be safe, if this stuff starts coming back, should I post in this thread again? Or should I make a totally new one?

Also, I would like to thank you again for helping me through this; I wouldn't have been able to do anything without your expertise. Thank you Maniac!


Glad I could help! :)

Now, just to be safe, if this stuff starts coming back, should I post in this thread again? Or should I make a totally new one?

If you have the same problem, let me know to open this thread; if there is another kind of problem, start a new thread.

Now, please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete TDSSKiller, aswMBR and DDS. Also, uninstall ESET Online Scanner.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


Alright, here are both logs. Thanks for helping me on this again.

OTL Log

OTL logfile created on: 6/12/2012 11:32:06 AM - Run 1

OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Joecool\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19222)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 52.46% Memory free

6.71 Gb Paging File | 4.72 Gb Available in Paging File | 70.41% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 33.89 Gb Free Space | 15.21% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.50 Gb Free Space | 55.03% Space Free | Partition Type: NTFS

Drive F: | 931.28 Gb Total Space | 838.09 Gb Free Space | 89.99% Space Free | Partition Type: FAT32

Computer Name: JOE | User Name: Joecool | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 11:30:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Joecool\Desktop\OTL.exe

PRC - [2012/06/01 18:06:34 | 000,296,672 | ---- | M] (Microsoft Corporation) -- C:\Users\Joecool\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

PRC - [2012/06/01 17:43:42 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2012/06/01 17:42:34 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2012/05/24 15:23:43 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe

PRC - [2012/05/21 15:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2012/05/18 12:29:40 | 000,065,648 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

PRC - [2012/05/18 12:29:35 | 006,038,128 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe

PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Joecool\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/04/23 19:37:44 | 000,609,624 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster 3\gbtray.exe

PRC - [2012/04/05 21:56:18 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/03/26 19:34:44 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/01 15:24:20 | 002,624,512 | ---- | M] () -- C:\Users\Joecool\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe

PRC - [2011/11/20 19:25:20 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe

PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe

PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe

PRC - [2011/10/14 01:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe

PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files\SFT\GuardedID\GIDD.exe

PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe

PRC - [2010/02/02 23:24:26 | 000,385,024 | ---- | M] (AMD) -- C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe

PRC - [2010/01/04 21:25:02 | 000,094,208 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe

PRC - [2010/01/04 21:24:24 | 000,077,824 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe

PRC - [2010/01/04 21:23:22 | 000,888,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/01/19 02:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe

PRC - [2007/02/28 18:38:18 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbucoms.exe

PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe

PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/11 21:45:27 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012/06/11 21:45:27 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012/06/06 03:02:25 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2012/06/06 03:02:25 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2012/05/24 15:23:42 | 020,313,384 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll

MOD - [2012/05/24 15:23:35 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll

MOD - [2012/05/24 15:23:35 | 000,895,312 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll

MOD - [2012/05/24 15:23:35 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll

MOD - [2012/05/24 15:23:35 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll

MOD - [2012/05/12 04:17:28 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\be701ce708835e0162cb863d3a4eeb49\WindowsFormsIntegration.ni.dll

MOD - [2012/05/12 04:13:25 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll

MOD - [2012/05/12 04:12:05 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll

MOD - [2012/05/12 04:11:38 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll

MOD - [2012/05/12 04:11:34 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll

MOD - [2012/05/12 04:11:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll

MOD - [2012/05/12 04:11:25 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll

MOD - [2012/05/12 04:11:13 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\24556241d64589a6b95b7eaa7432295b\System.Web.Services.ni.dll

MOD - [2012/05/12 04:10:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012/05/12 04:08:45 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012/05/12 04:08:20 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll

MOD - [2012/05/12 04:08:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll

MOD - [2012/05/12 04:07:42 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll

MOD - [2012/05/12 04:07:30 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll

MOD - [2012/05/12 04:07:02 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll

MOD - [2012/05/12 04:07:01 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c466fbf8e50c7c11b2fa994707124290\PresentationFramework.ni.dll

MOD - [2012/05/12 04:06:32 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b4ade6954a61a7626858c123dc951ba6\PresentationCore.ni.dll

MOD - [2012/05/12 04:06:13 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll

MOD - [2012/05/12 04:06:08 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012/05/12 04:05:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2012/04/05 22:00:20 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2012/04/05 21:56:24 | 000,095,232 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2011/12/01 15:24:20 | 002,624,512 | ---- | M] () -- C:\Users\Joecool\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe

MOD - [2009/06/12 16:32:16 | 000,104,456 | ---- | M] () -- C:\Windows\System32\EasyHook32.dll

MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2007/05/04 05:09:58 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll

MOD - [2006/10/26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL

========== Win32 Services (SafeList) ==========

SRV - [2012/06/11 14:01:37 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/01 17:42:34 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012/06/01 10:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/05/29 18:26:35 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)

SRV - [2012/05/24 15:23:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/05/18 12:29:40 | 000,065,648 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)

SRV - [2012/04/05 21:56:18 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe -- (N360)

SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/02/28 18:38:18 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbucoms.exe -- (dlbu_device)

SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Joecool\AppData\Local\Temp\oflpydin.sys -- (oflpydin)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys -- (mdf15)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh6.sys -- (BCMH43XX)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ardqqraf)

DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)

DRV - [2012/06/09 00:06:38 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120611.034\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/06/09 00:06:38 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120611.034\NAVENG.SYS -- (NAVENG)

DRV - [2012/06/01 17:43:34 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2012/06/01 17:42:59 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2012/06/01 17:42:59 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2012/06/01 17:42:34 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)

DRV - [2012/06/01 08:34:11 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/06/01 08:34:11 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/04/27 19:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120609.001\IDSvix86.sys -- (IDSVix86)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/04/02 18:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120531.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2012/03/05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.0)

DRV - [2012/01/22 18:22:50 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2011/08/31 06:54:49 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/07/05 10:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\gidv2.sys -- (GIDv2)

DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2011/04/20 20:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symtdiv.sys -- (SYMTDIv)

DRV - [2011/03/31 14:54:32 | 001,073,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AE2500vista.sys -- (Linksys_adapter)

DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtsp.sys -- (SRTSP)

DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys -- (SymEFA)

DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys -- (SymDS)

DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON)

DRV - [2010/11/01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Running] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)

DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)

DRV - [2010/01/28 09:33:28 | 000,097,792 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/08/04 01:43:58 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2009/08/04 01:43:58 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2008/06/10 15:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)

DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/11/01 15:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\..\SearchScopes\{84E93858-F120-4587-9B11-03C967918222}: "URL" = http://www.google.co...{outputEncoding?}

IE - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-02-27 00:03:26&v=10.0.0.7&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d

FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0

FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1

FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0

FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9

FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1

FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joecool\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joecool\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_8_3 [2012/06/11 18:51:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 20:02:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Joecool\AppData\Roaming\IDM\idmmzcc5

[2012/06/07 19:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joecool\AppData\Roaming\mozilla\Extensions

[2010/05/29 18:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joecool\AppData\Roaming\mozilla\Extensions\celtx@celtx.com

[2012/06/11 14:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions

[2012/06/11 14:24:18 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2012/06/11 14:24:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012/06/11 14:24:35 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

[2012/06/11 14:24:17 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com

[2012/06/11 14:24:18 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\support@lastpass.com

[2012/06/07 20:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG

File not found (No name found) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM

File not found (No name found) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE

File not found (No name found) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG

File not found (No name found) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG

File not found (No name found) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG

File not found (No name found) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG

[2012/06/01 10:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.avg.c...sa&d=2012-02-27 00:03:26&v=10.2.0.3&sap=dsp&q={searchTerms}

CHR - default_search_provider: suggest_url = http://clients5.goog...{outputEncoding}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Joecool\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joecool\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joecool\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: TooManyTabs for Chrome = C:\Users\Joecool\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.1_0\

CHR - Extension: WOT = C:\Users\Joecool\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.4_0\

CHR - Extension: WOT = C:\Users\Joecool\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Joecool\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: PanicButton = C:\Users\Joecool\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.1_0\

CHR - Extension: AdBlock = C:\Users\Joecool\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\

CHR - Extension: LastPass = C:\Users\Joecool\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.6_0\

CHR - Extension: Allow Right-Click = C:\Users\Joecool\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo\1.2.4_0\

CHR - Extension: Lazarus: Form Recovery = C:\Users\Joecool\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.0.5_0\

CHR - Extension: FastestChrome - Browse Faster = C:\Users\Joecool\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.2.1_0\

O1 HOSTS File: ([2012/06/09 13:42:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.517.3\NativeBHO.dll (WhiteSky)

O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.

O3 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [DLBUCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()

O4 - HKLM..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000..\Run: [Akamai NetSession Interface] C:\Users\Joecool\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)

O4 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000..\Run: [SkyDrive] C:\Users\Joecool\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Users\ibryer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)

O4 - Startup: C:\Users\Joecool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Joecool\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found

O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found

O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2C6E0AE-A802-4789-B19F-B95E0DB6F417}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97EF8F4-5B7B-4D60-A93D-31E51F9A72EF}: DhcpNameServer = 68.87.72.134 68.87.77.134

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - No CLSID value found.

O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - No CLSID value found.

O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - No CLSID value found.

O24 - Desktop WallPaper: C:\Users\Joecool\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Joecool\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\...com [@ = comfile] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 11:30:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Joecool\Desktop\OTL.exe

[2012/06/11 14:01:48 | 000,000,000 | ---D | C] -- C:\Users\Joecool\AppData\Local\Macromedia

[2012/06/10 13:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/06/09 13:53:10 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/06/09 13:53:10 | 000,000,000 | ---D | C] -- C:\Users\Joecool\AppData\Local\temp

[2012/06/09 13:42:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/06/08 17:18:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/06/08 17:18:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/06/08 17:18:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/06/08 17:18:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/06/07 20:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012/06/07 20:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/06/07 19:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7

[2012/06/07 19:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/06/07 19:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012/06/07 19:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services

[2012/06/07 19:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services

[2012/06/07 19:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/06/07 19:30:58 | 000,000,000 | ---D | C] -- C:\Users\Joecool\AppData\Local\Secunia PSI

[2012/06/07 19:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia

[2012/06/06 21:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/06/06 21:18:01 | 011,035,168 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

[2012/06/06 21:17:57 | 000,000,000 | ---D | C] -- C:\Users\Joecool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass

[2012/06/06 21:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass

[2012/06/06 21:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass

[2012/06/06 20:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/06/06 03:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012/06/06 03:02:04 | 000,000,000 | ---D | C] -- C:\Users\Joecool\AppData\Roaming\SUPERAntiSpyware.com

[2012/06/06 03:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/06/06 03:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/06/06 03:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/06/01 17:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012/06/01 17:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP

[2012/06/01 17:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

[2012/06/01 17:43:40 | 000,451,072 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe

[2012/06/01 17:43:37 | 000,020,992 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll

[2012/06/01 17:43:18 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll

[2012/06/01 17:42:34 | 000,217,600 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe

[2012/05/30 20:45:02 | 000,000,000 | ---D | C] -- C:\Users\Joecool\AppData\Roaming\.Nitrous

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/12 11:30:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Joecool\Desktop\OTL.exe

[2012/06/12 11:27:21 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/12 11:27:18 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/12 11:27:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/12 01:43:29 | 000,635,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/12 01:43:28 | 000,117,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/11 18:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/11 16:03:14 | 000,000,215 | ---- | M] () -- C:\Users\Joecool\Desktop\Total War SHOGUN 2.url

[2012/06/09 13:42:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/06/07 20:02:14 | 000,000,872 | ---- | M] () -- C:\Users\Joecool\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/06/07 20:02:13 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/06/07 19:30:49 | 000,000,901 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

[2012/06/07 15:08:21 | 000,001,008 | ---- | M] () -- C:\Users\Joecool\Desktop\Chrome.lnk

[2012/06/06 21:18:01 | 011,035,168 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

[2012/06/06 21:18:00 | 000,001,128 | ---- | M] () -- C:\Users\Joecool\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk

[2012/06/05 14:51:01 | 000,003,384 | ---- | M] () -- C:\Users\Joecool\AppData\Local\d3d9caps.dat

[2012/06/01 17:43:42 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

[2012/06/01 17:43:39 | 000,245,896 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb

[2012/06/01 17:43:37 | 002,664,704 | ---- | M] () -- C:\Windows\System32\atiumdva.cap

[2012/06/01 17:43:37 | 000,020,992 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll

[2012/06/01 17:43:20 | 000,159,744 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll

[2012/06/01 17:43:18 | 000,052,736 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll

[2012/06/01 17:43:15 | 000,038,159 | ---- | M] () -- C:\Windows\atiogl.xml

[2012/06/01 17:42:38 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll

[2012/06/01 17:42:34 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

[2012/05/24 15:19:34 | 000,002,066 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk

[2012/05/16 22:27:55 | 000,239,104 | ---- | M] () -- C:\Users\Joecool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/11 16:03:14 | 000,000,215 | ---- | C] () -- C:\Users\Joecool\Desktop\Total War SHOGUN 2.url

[2012/06/08 17:18:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/06/08 17:18:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/06/08 17:18:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/06/08 17:18:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/06/08 17:18:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/06/07 20:02:13 | 000,000,872 | ---- | C] () -- C:\Users\Joecool\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/06/07 20:02:13 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/06/07 20:02:13 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/06/07 19:30:49 | 000,000,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

[2012/06/07 19:30:49 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk

[2012/06/07 15:08:21 | 000,001,008 | ---- | C] () -- C:\Users\Joecool\Desktop\Chrome.lnk

[2012/06/06 21:18:00 | 000,001,128 | ---- | C] () -- C:\Users\Joecool\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk

[2012/06/01 17:43:38 | 000,245,896 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb

[2012/06/01 17:43:29 | 002,664,704 | ---- | C] () -- C:\Windows\System32\atiumdva.cap

[2012/06/01 17:43:14 | 000,038,159 | ---- | C] () -- C:\Windows\atiogl.xml

[2012/06/01 17:42:36 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

[2012/04/05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe

[2012/03/22 21:24:38 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011/12/06 18:59:37 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011/11/05 21:07:21 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll

[2011/10/02 23:42:50 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011/10/02 23:42:20 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011/10/02 23:42:19 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011/10/02 12:18:47 | 000,000,552 | ---- | C] () -- C:\Users\Joecool\AppData\Local\d3d8caps.dat

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2010/10/05 15:58:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/03/15 18:55:00 | 000,000,000 | ---D | M] -- C:\Users\ibryer\AppData\Roaming\FUJIFILM

[2011/09/02 12:36:10 | 000,000,000 | ---D | M] -- C:\Users\ibryer\AppData\Roaming\ID Vault

[2007/05/08 09:56:58 | 000,000,000 | ---D | M] -- C:\Users\ibryer\AppData\Roaming\WildTangent

[2012/06/03 12:23:46 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\.minecraft

[2012/05/31 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\.Nitrous

[2011/12/26 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Atari

[2012/04/15 23:16:12 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Audacity

[2011/05/26 21:25:37 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Auslogics

[2012/05/26 22:17:22 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Azureus

[2012/03/24 20:51:02 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\CBS Interactive

[2012/04/22 21:57:52 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\DAEMON Tools Lite

[2011/11/11 17:43:24 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\DMCache

[2011/12/19 16:21:55 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Dropbox

[2007/05/09 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Earthlink

[2012/03/30 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\FileZilla

[2011/03/15 18:54:29 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\FUJIFILM

[2010/05/29 18:35:46 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Greyfirst

[2010/07/29 16:22:43 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\gtk-2.0

[2011/09/01 19:12:21 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\ID Vault

[2011/11/11 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\IDM

[2011/05/26 22:48:15 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\IObit

[2007/05/21 18:47:30 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Laplink

[2007/05/08 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Leadertech

[2007/07/10 21:42:30 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Lionhead Studios

[2012/06/01 16:36:41 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Mount&Blade Warband

[2011/12/23 17:35:40 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Nicalis

[2009/06/16 16:11:47 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Nikon

[2010/12/09 19:45:19 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\PCDr

[2010/10/28 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Polynomial

[2012/01/07 17:09:48 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Rainmeter

[2009/07/30 12:31:05 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\SPORE

[2009/02/24 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Stardock

[2011/03/04 05:33:20 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\System

[2012/03/27 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\SystemRequirementsLab

[2012/06/11 22:38:19 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\The Creative Assembly

[2011/07/10 14:44:23 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Tropico 3

[2011/05/26 20:08:04 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Tropico 3 Demo

[2010/11/02 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Ubisoft

[2010/08/13 00:10:30 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Wargaming.Net

[2007/09/10 18:58:02 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\WildTangent

[2009/04/19 12:12:56 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Windows Live Writer

[2011/05/19 22:53:19 | 000,000,000 | -HSD | M] -- C:\Users\Joecool\AppData\Roaming\wyUpdate AU

[2011/12/12 18:25:41 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job

[2012/06/11 18:49:44 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/03/17 14:48:20 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{782D4CFA-2397-4DCA-9C78-4473E8DD3873}.job

[2011/06/30 20:54:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DF39FEA7-DB07-4B87-99F3-36A63141323E}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:07BF512B

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >


Extras Log

OTL Extras logfile created on: 6/12/2012 11:32:06 AM - Run 1

OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Joecool\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19222)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 52.46% Memory free

6.71 Gb Paging File | 4.72 Gb Available in Paging File | 70.41% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 33.89 Gb Free Space | 15.21% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.50 Gb Free Space | 55.03% Space Free | Partition Type: NTFS

Drive F: | 931.28 Gb Total Space | 838.09 Gb Free Space | 89.99% Space Free | Partition Type: FAT32

Computer Name: JOE | User Name: Joecool | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- Reg Error: Key error. File not found

.cmd [@ = cmdfile] -- Reg Error: Key error. File not found

.com [@ = comfile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.pif [@ = piffile] -- Reg Error: Key error. File not found

.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00DE07DE-D83F-4B52-8653-411FC65E5048}" = rport=139 | protocol=6 | dir=out | app=system |

"{08464DAD-24D7-4185-96C4-F6C565E6ABF1}" = rport=445 | protocol=6 | dir=out | app=system |

"{0EFE822E-3CBB-48D0-AEA9-C0198293AAA6}" = rport=10243 | protocol=6 | dir=out | app=system |

"{0F952066-9703-4A38-AB41-E1D1E53ECFAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{11F17C66-DB60-4848-8262-48E59E357D42}" = lport=138 | protocol=17 | dir=in | app=system |

"{1D3719AF-1DE1-40A1-B2C3-C4BA6659B1E3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{31E8C3C7-9AA9-4D1A-B063-B7A3456A6FBB}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |

"{3D0A9F2F-4179-4AD8-8A18-87F2E286633D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4702E831-9DAC-4F02-81A9-E71F21303D8D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{5D9F684A-5C7E-4DE3-AE6D-4A7E97F94B75}" = lport=139 | protocol=6 | dir=in | app=system |

"{66DE47B5-6B76-42DB-89DF-1D72AE671E19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6F178939-0E60-4B69-9F46-EFABFBA03876}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{74AFC1DD-A66B-4B36-9A6A-9A92BDDA7286}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{796A8A38-A087-450D-A922-E44E209D976C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{7EE2C40D-B277-4975-92AF-6E688C3565B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{811558CC-BCDA-403E-8F70-0A17207A27D8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{855BF960-773E-42C7-9D6B-8885F28B27CB}" = rport=137 | protocol=17 | dir=out | app=system |

"{88A2D429-C9AF-4E25-9399-E2A75DBC456F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{8A34C469-234F-4F9C-AB41-1A0217245EA8}" = lport=445 | protocol=6 | dir=in | app=system |

"{93E098AC-C61F-4D91-84FD-25586123A282}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{94ABA386-97B7-493D-83B4-218CC6A263C2}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{94C04006-C3F6-4EF2-BB3F-026D0A53677F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{9CE53C26-906D-4E88-8030-C169C0A0FC6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9E68ED62-9D51-4A59-A467-F59F78E5625A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AC55E539-B3CA-488F-8748-05A7D1054F90}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{BA226C29-ADE6-4284-9ED4-DD18090333D1}" = rport=138 | protocol=17 | dir=out | app=system |

"{BA771B2E-071B-4D89-9DB3-69C0C863C8F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BCAB2A94-425A-4106-B5F3-3C1770C16EC1}" = lport=52252 | protocol=6 | dir=in | name=akamai netsession interface |

"{CE3E9EA1-055B-4A25-9D93-89B9A2DD3746}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{D32FB666-2B27-4051-BF2B-859346CD13B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D5469F09-7863-4A4E-9B4B-EE020C281B8B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{D5AABEBD-E74B-48CF-BC33-DC5E4058091C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E4C9B932-4021-4228-9179-8A5897B04789}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F09B3D50-19DF-4E6A-BDB1-CEA4C0FC96E5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{F26F4B8D-ADE5-4F06-8A65-A0AEC2BC9CAD}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |

"{F576966C-0D03-4747-9B47-4CAF60C0A61D}" = lport=137 | protocol=17 | dir=in | app=system |

"{FBCF7602-E685-4756-ADF0-2838117466BD}" = lport=65516 | protocol=6 | dir=in | name=akamai netsession interface |

"{FF64F0F6-5EEC-4870-851A-F639C1FEDA25}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01A52E1C-AB43-4CD0-ACB9-C3DEA34E324A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |

"{02D14D6B-4012-4EBB-BF2B-074FFAEAE279}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{09B5FA3D-AD17-4D07-B885-BCC292268982}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{0F64DE7F-BAFE-4ACF-8AA0-C6E9872A2565}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |

"{0F86F566-7B11-4108-BD2D-14C60E71E0E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{0FD4DD18-306E-485C-9E73-45299B5EF331}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{119CEC79-E719-4F8D-8877-165F6ABD2915}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |

"{153D782D-09E9-40D8-ABB8-02F094FD291E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{17C78D90-5DE6-4BA7-B8D9-3D9167D49B8A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{198240F1-CBAA-47F1-81EE-83FA66263F1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1D3501E3-6A9B-464F-83DA-4507995ABC7F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{1E441D3D-49D5-4378-9B1F-30D3595BF0EA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{1E9607B4-7EA5-44CC-9C80-79B96F885FB3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{2CFD9C6A-B9F2-49F7-A7C3-55D1E9EF7F38}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |

"{2DF1DA02-693D-489F-8BEB-63007956D68E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |

"{2E0E5236-1C9B-4ADE-8AB5-3B73ACDF6E94}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_online.exe |

"{2EFCCA69-B897-415C-B530-5057DD88FB34}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{32FEB86B-599A-41A6-93E9-B63BDE3F5EB1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{34C74CC1-3136-45E6-A710-21A788F5EC55}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |

"{3884223E-A723-427D-B731-207FEF64FC93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{39136EF8-6CEE-40C9-A1E8-AB18558ED0C4}" = protocol=6 | dir=in | app=c:\windows\system32\dlbucoms.exe |

"{43273AB4-454E-4A09-BE5B-10D7A60D484C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\just cause 2\justcause2.exe |

"{44AAA984-2B98-4051-B7E0-54F8AF551EBA}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |

"{47AE2B6D-A748-462F-91DB-9B9A5D76F638}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{4A8B86C4-DA40-408E-B58F-8114A7B8A1B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{5337E854-E33E-42CE-95A1-9C486B7F84CC}" = protocol=17 | dir=in | app=c:\windows\system32\dlbucoms.exe |

"{5384551D-275F-4137-B8D5-7A9C02831FE3}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_ds.exe |

"{5C29E4A6-B9AA-41E1-BF32-32C5D65772E6}" = protocol=6 | dir=out | app=system |

"{616A3E21-183B-46B2-B3AC-AA4496E9DDDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{618E8E71-99CF-419A-BD04-AAFE88847E36}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{6380712E-3469-44E8-8016-A9DB65CFCD39}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{6518F9FE-E9BF-4445-A9B0-E1FBD31EB109}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{66230305-A997-47B2-8D22-8BF3C1E46240}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{68CEB606-0D1C-43C6-88B1-95F67C07D082}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{72D60DFF-554F-4525-A2E0-8EF937F37AB3}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_ds.exe |

"{765592D6-3D9D-45B1-9F8B-0CE7446A1E8B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip runner\runner.exe |

"{7B0C5360-1CB2-4FDB-8D25-336A3F6F38A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7B72787A-9E23-42CF-AF2B-05AECED931E7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |

"{7B8C8341-0CBC-4233-B0E4-00C591F3A9FC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{7F1A2501-B127-414C-BAD3-95B1DDBA9E5C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{85C4BCD5-9CCC-4751-9F16-5B58E5D5DD2F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{8C3E8CCD-5255-4F3B-9794-073C9768D8CC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{908D5CA0-753A-407A-A33A-805E02A0F2E8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{90C62A7E-9E39-4379-A89B-CC9FBB4AF438}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{92275BE0-B80E-42FE-91E3-70482A28E507}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{9333FD8E-7088-4888-B196-FE5B1211D632}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{993A0BFC-FEED-4291-86D1-8122297F91E6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |

"{9981790D-D607-4082-A178-EE99F03D1231}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_online.exe |

"{9B260DB6-FB03-479B-9E16-97A7136EA423}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9D1EC2F0-D907-45FD-96F0-B5A879F96E1D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{A040C0A6-5288-4809-8723-6628716EA4AE}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |

"{A07B048F-34A0-4432-9162-02285865461F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{A0ED407F-5CDD-49B3-AC56-26F97E505A16}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |

"{A23E30B8-50AA-49B9-A46A-BA1F6329D66B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |

"{A2DCA983-E94C-40BF-A1C0-DF0542BBF66D}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |

"{A48E22E4-8715-4549-9FA5-EEF2785C4FAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |

"{A4EA97DF-6487-4E1D-9108-A26449A64856}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |

"{A87E3753-FE35-4D51-B416-17948CB81369}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\risen\bin\risen.exe |

"{ABAD9BD6-1A0F-417F-B20A-C83084643115}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AC982029-08B1-4188-93E4-117E986F4F1D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{ACAF7D30-E696-4318-8AA6-06CF0E4718EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{AD0E9BE1-DF55-4772-BBFE-AD8666697196}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{AD95A9A4-CB9B-4BC8-95AC-20C08803DDDF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |

"{C005D2DF-7CA5-4BDD-80B3-D55837A8264C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\risen\bin\risen.exe |

"{C0D2DBCF-330D-43A1-9C11-37CCDF871631}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |

"{C35EC512-9C82-47FC-B186-2C72C911208D}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |

"{C5798817-6278-44E1-93F7-2276B6BCC4EB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |

"{CBEB5EDF-1CE1-470B-BE26-0F9945F782EB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{CD9CB8FA-83E2-4866-BAF3-828A1E15D072}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{CE962A86-172D-4409-A8F5-E146B3423D76}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\just cause 2\justcause2.exe |

"{D5036BCB-5A22-4C32-9DC5-8F04FC178D7C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip runner\runner.exe |

"{D6BC8694-32B9-4D53-8973-E51BD04ABE46}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{D737A0BF-F635-464A-A758-5C7EF31B8413}" = protocol=17 | dir=in | app=c:\users\joecool\appdata\local\microsoft\skydrive\skydrive.exe |

"{D941AA13-50C5-4F7D-81CF-CAA54EF866B9}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic.exe |

"{DB6E6BDA-7308-48EF-904A-3C63016428D4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |

"{DC5CE876-8DCE-4BED-900E-623AF966FEB4}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{DE3A55DE-8802-4310-A574-DF440BB03C76}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |

"{DE95309A-CF66-4F19-A1C1-86ED1E644404}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{DEFBCBC3-DCFB-4A12-BC4C-17EA646E89F8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{E27C1BBC-9F85-4272-9D69-168131858432}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |

"{E2CC4D6F-38D7-4881-B1CD-AC230B1D491C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E34C8623-0509-4308-9B5B-377F0A520F6E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |

"{E57B3E01-44C1-4DBA-8EF2-E459ECA0C67B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{E82A3075-D8C2-4D2D-85AD-48583121F4FA}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic.exe |

"{E9919852-A5F1-4D2F-834D-917B33B66D7F}" = protocol=6 | dir=in | app=c:\users\joecool\appdata\local\microsoft\skydrive\skydrive.exe |

"{EBA4E49E-02E5-480B-87E7-B41C64EAB8CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{F0A98DED-862B-438C-858A-A0AC0A34BA74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F5457252-3204-4B76-B230-153AB4442BCD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{F61BB0A9-D9BC-4A5A-84EF-259EA7879492}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |

"{FC284427-F448-4B68-9865-5C41DACCB0BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FD29581D-8552-417D-972C-87AE9C8E3A07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{9CAAB1B4-6559-4F6B-BEF9-A3E3CC1E96A3}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{CCF13FFE-A62F-4794-9357-C4CEB461A697}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"TCP Query User{CEAF5394-41A3-42F7-9A17-7E51BC7FA23C}C:\program files\sierra entertainment\world in conflict\wic.exe" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic.exe |

"TCP Query User{DA208DBB-6B64-4EA1-B68A-F598E7DD841C}C:\users\joecool\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\joecool\appdata\local\akamai\netsession_win.exe |

"TCP Query User{EF16B60E-A6DC-4CED-80EC-070A9D78F625}C:\users\joecool\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\joecool\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"UDP Query User{5AD430CE-A2AF-4AAF-9041-D0E51A4D35A6}C:\users\joecool\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\joecool\appdata\local\akamai\netsession_win.exe |

"UDP Query User{8796159C-06AA-46DB-9024-5C96BC52016A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{A3ECE4C7-BFA3-4A36-A868-7F22D93722B5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"UDP Query User{B8C604D7-475C-4CF1-866E-2907A6B74577}C:\users\joecool\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\joecool\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"UDP Query User{E1FB89A3-4047-4452-8F68-7F6D19F3A108}C:\program files\sierra entertainment\world in conflict\wic.exe" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration

"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{24C898EC-4181-7812-5644-4E348533B532}" = ccc-utility

"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision

"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{40939C6D-8F27-40B8-9CBC-72701624185D}" = Redistributed Files

"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta

"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10

"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{7083067F-42F5-41AF-8422-E22EA391791C}" = World In Conflict Editor

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7797C70B-11EB-446A-9B1E-3D9039DB581F}" = TotalAccess Core Applications

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{9191979D-821C-4EA8-B021-2DA1D859A7C5}" = GuardedID

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-1148-0409-0000-0000000FF1CE}" = Microsoft Office Web Apps Browser Plugin

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C3B7F54-C6E2-4A74-9937-9C6EBA10C4A2}" = Victoria 2

"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync

"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9FE08B0-7804-43FF-8B90-04EEC285FFF6}" = Microsoft Office Live Add-in Patches

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B9BA9CC8-B0A2-00C8-780E-B82A066E48C6}" = AMD Catalyst Install Manager

"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3

"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Impulse

"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D3B3B770-834E-CD77-FA6C-C4C6BF439B1C}" = AMD Fuel

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common

"{E27ABEAB-2A23-737E-D290-FC42D45FCDA8}" = ATI AVIVO Codecs

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}" = CryEngine®2 Sandbox™2

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9

"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict

"{F3885DDF-E711-4F14-B4C9-5CA3F07A13E9}" = PCsync

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"{FD4A0D0F-21BC-4D7C-8EF8-4161513812BA}" = MapBuilder

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF087B26-DD20-4DD0-B97F-0B08B76A04D1}" = Deal Info

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 9.22beta

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Akamai" = Akamai NetSession Interface Service

"Audacity_is1" = Audacity 2.0

"CCleaner" = CCleaner

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Crysis WARHEAD®" = Crysis WARHEAD®

"DAEMON Tools Lite" = DAEMON Tools Lite

"Defraggler" = Defraggler

"Explorer Suite_is1" = Explorer Suite III

"FileZilla Client" = FileZilla Client 3.5.3

"Game Booster_is1" = Game Booster 3

"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21

"Google Updater" = Google Updater

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"ID Vault" = Constant Guard Protection Suite

"Impulse" = Impulse

"LAME_is1" = LAME v3.99.3 (for Windows)

"LastPass" = LastPass (uninstall only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"N360" = Norton Security Suite

"OpenAL" = OpenAL

"PolarClock3" = PolarClock3 Screen Saver

"Rainmeter" = Rainmeter

"Recuva" = Recuva

"Revo Uninstaller" = Revo Uninstaller 1.92

"Secunia PSI" = Secunia PSI (2.0.0.4003)

"Sins of a Solar Empire" = Sins of a Solar Empire

"Speccy" = Speccy

"Stardock Impulse" = Stardock Impulse

"Steam App 16830" = Sid Meier's Civilization V SDK

"Steam App 22380" = Fallout: New Vegas

"Steam App 34030" = Napoleon: Total War

"Steam App 34330" = Total War: SHOGUN 2

"Steam App 400" = Portal

"Steam App 40300" = Risen

"Steam App 440" = Team Fortress 2

"Steam App 63710" = BIT.TRIP RUNNER

"Steam App 8190" = Just Cause 2

"Steam App 8930" = Sid Meier's Civilization V

"SystemRequirementsLab" = System Requirements Lab

"Victoria II A House Divided 2.1" = Victoria II A House Divided 2.1

"VLC media player" = VLC media player 2.0.1

"WinLiveSuite" = Windows Live Essentials

"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"CNET TechTracker" = CNET TechTracker

"Google Chrome" = Google Chrome

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

"PIL-py2.7" = Python 2.7 PIL-1.1.7

"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/13/2010 5:01:36 PM | Computer Name = Joe | Source = Application Hang | ID = 1002

Description = The program GTAIV.exe version 1.0.7.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Problem Reports and Solutions control panel. Process

ID: 91c Start Time: 01cb22c03594b6be Termination Time: 161

Error - 7/13/2010 10:24:09 PM | Computer Name = Joe | Source = Application Hang | ID = 1002

Description = The program GTAIV.exe version 1.0.7.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Problem Reports and Solutions control panel. Process

ID: 10f0 Start Time: 01cb22ceb97583ce Termination Time: 24811

Error - 7/14/2010 1:47:50 AM | Computer Name = Joe | Source = MsiInstaller | ID = 11706

Description =

Error - 7/14/2010 7:01:09 PM | Computer Name = Joe | Source = VSS | ID = 8194

Description =

Error - 7/14/2010 7:17:57 PM | Computer Name = Joe | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\Rockstar

Games\Grand Theft Auto IV\RGSC\RGSCLauncher.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/14/2010 7:24:43 PM | Computer Name = Joe | Source = System Restore | ID = 8193

Description =

Error - 7/15/2010 12:56:45 AM | Computer Name = Joe | Source = MsiInstaller | ID = 11706

Description =

Error - 7/15/2010 5:55:23 PM | Computer Name = Joe | Source = Application Hang | ID = 1002

Description = The program GTAIV.exe version 1.0.7.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Problem Reports and Solutions control panel. Process

ID: 163c Start Time: 01cb24681755a30c Termination Time: 76

Error - 7/15/2010 8:21:32 PM | Computer Name = Joe | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 1.9.2.3828 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1764 Start Time: 01cb247c62fb8b3c Termination Time: 26

Error - 7/17/2010 12:28:06 AM | Computer Name = Joe | Source = Application Hang | ID = 1002

Description = The program gimp-2.6.exe version 0.0.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 7e0 Start Time: 01cb2568454cca8c Termination Time: 4

[ DFS Replication Events ]

Error - 5/26/2011 9:14:47 PM | Computer Name = Joe | Source = DFSR | ID = 6104

Description = The DFS Replication service failed to register the WMI providers.

Replication is disabled until the problem is resolved. Additional Information: Error:

2147749902 (100e)

Error - 5/26/2011 9:14:47 PM | Computer Name = Joe | Source = DFSR | ID = 6104

Description = The DFS Replication service failed to register the WMI providers.

Replication is disabled until the problem is resolved. Additional Information: Error:

2147749902 (100e)

[ Media Center Events ]

Error - 7/10/2010 5:14:07 PM | Computer Name = Joe | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/10/2010 5:37:40 PM | Computer Name = Joe | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/11/2010 9:59:19 PM | Computer Name = Joe | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/17/2010 6:47:41 PM | Computer Name = Joe | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/19/2010 11:58:58 PM | Computer Name = Joe | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/21/2010 11:41:33 PM | Computer Name = Joe | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/11/2010 9:07:09 PM | Computer Name = Joe | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/5/2010 7:11:03 PM | Computer Name = Joe | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/23/2010 11:50:13 PM | Computer Name = Joe | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/3/2011 4:00:08 PM | Computer Name = Joe | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]

Error - 10/3/2010 8:50:58 PM | Computer Name = Joe | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22

seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/14/2010 10:30:34 PM | Computer Name = Joe | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7

seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/30/2011 11:15:37 PM | Computer Name = Joe | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4

seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/17/2011 5:23:54 PM | Computer Name = Joe | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 6/9/2012 6:09:37 PM | Computer Name = Joe | Source = Microsoft-Windows-TaskScheduler | ID = 412

Description =

Error - 6/11/2012 3:19:03 AM | Computer Name = Joe | Source = DCOM | ID = 10016

Description =

Error - 6/11/2012 4:56:37 PM | Computer Name = Joe | Source = volsnap | ID = 393241

Description = The shadow copies of volume C: were deleted because the shadow copy

storage could not grow in time. Consider reducing the IO load on the system or

choose a shadow copy storage volume that is not being shadow copied.

Error - 6/11/2012 7:51:35 PM | Computer Name = Joe | Source = Microsoft-Windows-TaskScheduler | ID = 412

Description =

Error - 6/11/2012 11:37:15 PM | Computer Name = Joe | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/11/2012 11:37:15 PM | Computer Name = Joe | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/11/2012 11:46:58 PM | Computer Name = Joe | Source = netbt | ID = 4321

Description = The name "WORKGROUP :1d" could not be registered on the interface

with IP address 192.168.1.103. The computer with the IP address 192.168.1.100 did

not allow the name to be claimed by this computer.

Error - 6/12/2012 12:07:02 AM | Computer Name = Joe | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/12/2012 12:07:02 AM | Computer Name = Joe | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/12/2012 2:59:01 AM | Computer Name = Joe | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ardqqraf)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    IE - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={6728ADEF-5A2B-4792-9B94-D64B4C307D8C}&mid=eedcfef0571b47d1bb5bd14acce4e9e6-0e4e5b7a79a006fbcd3b87b559d6279a5be5f0f9&lang=en&ds=ts024&pr=sa&d=2012-02-27 00:03:26&v=10.0.0.7&sap=dsp&q={searchTerms}
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
    [2012/06/11 14:24:17 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com
    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={6728ADEF-5A2B-4792-9B94-D64B4C307D8C}&mid=eedcfef0571b47d1bb5bd14acce4e9e6-0e4e5b7a79a006fbcd3b87b559d6279a5be5f0f9&lang=en&ds=ts024&pr=sa&d=2012-02-27 00:03:26&v=10.2.0.3&sap=dsp&q={searchTerms}
    O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O3 - HKU\S-1-5-21-615918264-1738823626-3537891774-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    [2012/05/26 22:17:22 | 000,000,000 | ---D | M] -- C:\Users\Joecool\AppData\Roaming\Azureus

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Here is the log it generated:

All processes killed

========== OTL ==========

Error: No service named ardqqraf was found to stop!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ardqqraf deleted successfully.

Service mfesmfk stopped successfully!

Service mfesmfk deleted successfully!

C:\Windows\System32\drivers\mfesmfk.sys moved successfully.

Service mferkdk stopped successfully!

Service mferkdk deleted successfully!

C:\Windows\System32\drivers\mferkdk.sys moved successfully.

HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\resource folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\META-INF folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\defaults\preferences folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\defaults folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\components folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome\locale\ru-RU folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome\locale\ja-JP folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome\locale\fr-FR folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome\locale\es-ES folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome\locale\en-US folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome\locale\de-DE folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome\locale folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome\content\includes folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome\content\images\popup folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome\content\images folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome\content folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com\chrome folder moved successfully.

C:\Users\Joecool\AppData\Roaming\mozilla\Firefox\Profiles\ujbsj46j.default\extensions\firefox@ghostery.com folder moved successfully.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.

Registry value HKEY_USERS\S-1-5-21-615918264-1738823626-3537891774-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

C:\Users\Joecool\AppData\Roaming\Azureus\updates folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\torrents folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\tmp folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\subs folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\shares folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\rss folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\plugins\azutp folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\plugins\azemp folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\plugins folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\net folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\logs folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\dht\net3 folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\dht folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\devices folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\cache folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus\active folder moved successfully.

C:\Users\Joecool\AppData\Roaming\Azureus folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56509 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Harry Civilization

->Temp folder emptied: 0 bytes

User: ibryer

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 871 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 6458917 bytes

->Google Chrome cache emptied: 594288 bytes

->Flash cache emptied: 1602 bytes

User: Joecool

->Temp folder emptied: 222760 bytes

->Temporary Internet Files folder emptied: 25677930 bytes

->Java cache emptied: 233350085 bytes

->FireFox cache emptied: 71636010 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 10853364 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 200704 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 13836 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 333.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.48.0 log created on 06122012_200854

Also, there are a couple things I want to note. I don't know why, but a bunch of strange files and links have been appearing across my computer. Namely a bunch of files called "desktop.ini", two of which are now on my desktop, and a couple I found in my C drive. Also a bunch of strange links have also appeared in my C drive, like one called "$RECYCLE.BIN" which leads to my recycle, and one called "Documents and Settings" which is a link that doesn't lead anywhere. Also some .sys files have appeared in my OS C drive. Is this the result of OTL, or something else?

There was also a windows update released today, with various security fixes. Should I download it?

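As an added example (not part of the thread and not OTL's own code), this Python script triages an OTL fix log like the one posted above into items that were changed, items that were already absent, and items the fix could not handle. The category names and function names are this example's assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# A subset of lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""
Error: No service named ardqqraf was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ardqqraf deleted successfully.
Service mfesmfk stopped successfully!
C:\Windows\System32\drivers\mfesmfk.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
C:\Users\Joecool\AppData\Roaming\Azureus folder moved successfully.
"""

# Ordered rules, first match wins. The outcome labels are this example's own,
# not OTL terminology.
RULES = [
    ("failed",  re.compile(r"^Unable to fix (?P<target>.+?) items\.$")),
    ("absent",  re.compile(r"^Error: No service named (?P<target>\S+) was found to stop!$")),
    ("absent",  re.compile(r"^Registry (?:key|value) (?P<target>.+?) not found\.$")),
    ("changed", re.compile(r"^Registry (?:key|value) (?P<target>.+?) deleted successfully\.$")),
    ("changed", re.compile(r"^Service (?P<target>\S+) (?:stopped|deleted) successfully!$")),
    ("changed", re.compile(r"^(?P<target>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")),
    ("changed", re.compile(r"^(?P<target>HKEY_.+?)\| /E : value set successfully!$")),
]

def triage(log_text):
    """Group fix-log lines by outcome; lines no rule matches go to 'unparsed'."""
    result = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for outcome, pattern in RULES:
            m = pattern.match(line)
            if m:
                result[outcome].append(m.group("target"))
                break
        else:
            result["unparsed"].append(line)
    return dict(result)

def needs_follow_up(result):
    """Targets the fix could not change, deduplicated with order preserved."""
    return list(dict.fromkeys(result.get("failed", [])))

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for outcome in ("changed", "absent", "failed", "unparsed"):
        print(outcome, len(r.get(outcome, [])))
    print("follow up:", needs_follow_up(r))
```

On the log above, the only entries reported as not fixed are the two `default_search_provider` lines, which correspond to the `CHR -` lines in the fix script.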

Also, there are a couple things I want to note. I don't know why, but a bunch of strange files and links have been appearing across my computer. Namely a bunch of files called "desktop.ini", two of which are now on my desktop, and a couple I found in my C drive. Also a bunch of strange links have also appeared in my C drive, like one called "$RECYCLE.BIN" which leads to my recycle, and one called "Documents and Settings" which is a link that doesn't lead anywhere. Also some .sys files have appeared in my OS C drive. Is this the result of OTL, or something else?

This is because we unhid the hidden files. It will be fixed after we finish here.

There was also a windows update released today, with various security fixes. Should I download it?

After we finish here.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Ugh, I got to about 700,000 items scanned, and then my computer when I was gone decided to install the Windows Update by itself, killing the scan in the process (which was going very slow).

I've started it again, hopefully the Windows Update doesn't mess things up here. It should finish in another day or two considering how slow it goes.


Well, my computer overheated today and I was forced to shut it down, of course taking the scan with it as well. I'm not sure I can run my computer for 8 days straight to let the scan finish without it overheating, which is what it estimated its finish time would be. Here is the result from the one threat it detected during its first run.

Status: Deleted (events: 1)

6/13/2012 8:45:19 PM Deleted Trojan program Trojan-Dropper.Win32.Dapato.awvk C:\Program Files\EU3 DW - MEIOU\MEIOU - Launcher.exe High

Should I attempt to run it again?

