
Infected think it has to do with MSSE/Microsoft Update



So I was doing what I normally do on my computer last night, playing WoW on one monitor while watching a TV show on MPC on my second, with Firefox and a bunch of tabs minimized. I was prompted with a Windows warning msg telling me my Java was dangerously out of date, and the warning gave three options: Update now, Later, Do nothing. I was rather suspicious of the warning msg, which I had never seen before, knowing that anything related to Java was the easiest way to get your computer infected with something. I fiddled around trying to close the warning box without actually choosing anything, but then I remembered that I had a Java update sitting in my system tray for a few days and I had just gotten lazy and not installed it. Figuring the msg was actually legitimate, I clicked the Later option, thinking I would just install the update before I went to sleep. Rather than just going away, my computer right then decided to restart, and this wasn't a blue screen crash or anything; it restarted as if I had gone to the start menu with every program still on and clicked restart. It closed everything one at a time and restarted. When it came back up and I logged into Windows, my computer hung while trying to load up its startup programs and it blue screen crashed. I went through this a few times and then started in Safe Mode with networking and was able to get into Windows fine. I then, with my limited tech knowledge, tried to "troubleshoot".

-First I updated MBAM and ran a full system scan and that came up clean. I then tried to update MSSE but encountered an error and just decided to run a quick scan, which came up clean. Having changed nothing, I decided to go after Java, thinking it the culprit. I tried to uninstall it in Add/Remove but couldn't (might just be a safe mode thing), so I went to my C drive and just got rid of the folder. I restarted in normal and blue screened at the same point and went back to safe mode.

-Second I looked in the event viewer to try to find something error-wise that might lead me to an answer via Google. These 3 seemed useful, and the latter 2 led me to these forums and a similar issue that one of your users seemed to resolve.

Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D

DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:

DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:

-Third I decided, since everything ran fine in safe mode and I was crashing while Windows was starting up, that I would start to disable startup programs and start Windows normally. First I went for the Java Updater that was still on the list; that didn't work and I blue screened. Remembering the Microsoft Security Client error, I disabled that second and Windows started up normally.

-Fourth I ran an AVG scan and it came back with 28 not-great-sounding infections, all along the lines of:

"";"IRP hook, \Driver\iaStor IRP_MJ_WRITE -> 0xFFFFFA800CCE0674, <unknown>";"Infected"

I tried to fix them through AVG which had me restart, but when I ran another scan they were back.

-Sixth I ran Windows Update, which had me restart after, which promptly blue screened me again after logging into Windows. After a restart I was able to get back in again fine.

-Seventh I ran an MBAM quick scan and it came back with nothing, so I came here knowing something was wrong but being about out of ideas beyond a reformat to fix things. Hope my "troubleshooting" doesn't make it harder for you to try to get me to a solution.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2

Run by Kyle Winninghoff at 15:40:44 on 2013-05-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.8238 [GMT -7:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\syswow64\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Windows\system32\lxdpcoms.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Logitech\SetPoint II\SetPointII.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe

C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe

C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Mumble\mumble.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [ROC_ROC_APR2013_AV] C:\Users\Kyle Winninghoff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1e016d2c33a647d6b9d1f186769500ce-5c87895d3b356dd23a1434c2b3f9f54daa8ce9d9 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013

mRun: [QFan Help] "C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe"

mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe

mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - <no file>

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{066BAA1E-9784-467E-935F-59E5CEC69D9C} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{98DC3924-DC6A-48C8-9486-CEA55A386707} : DHCPNameServer = 209.18.47.61 209.18.47.62

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-Run: [lxdpmon.exe] "C:\Program Files (x86)\Lexmark Z2300 Series\lxdpmon.exe"

x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe"

x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

x64-Run: [seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"

x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kyle Winninghoff\AppData\Roaming\Mozilla\Firefox\Profiles\q9awmc5p.default-1347400038011\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2010-11-30 14592]

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]

R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-11-29 210016]

R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-11-29 141920]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBios.sys [2010-2-3 30384]

R2 lxdp_device;lxdp_device;C:\Windows\System32\lxdpcoms.exe -service --> C:\Windows\System32\lxdpcoms.exe -service [?]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]

R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]

R2 XTUService;Intel® Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-4-9 22280]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 ICTDrv;ICTDrv;C:\Windows\System32\drivers\ICTDrv.sys [2009-7-10 22488]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-5-12 154624]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 ATICDSDr;ATICDSDr;C:\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys [2007-11-1 6656]

S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE1200w764.sys [2011-3-30 1254464]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-19 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-19 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-1 1255736]

.

=============== Created Last 30 ================

.

2013-05-03 21:47:26 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33F8D563-287E-4734-9DBD-B72E24C164EA}\mpengine.dll

2013-05-03 12:46:43 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-24 06:01:55 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-23 21:56:45 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F71EDD8-1A64-4E38-A344-2CAA8F98648C}\gapaengine.dll

2013-04-19 19:13:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-19 19:12:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-04-19 19:10:59 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-04-19 19:10:59 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2013-04-19 19:10:59 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-04-19 19:10:59 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-04-19 19:10:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-04-19 19:10:59 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-04-19 19:10:59 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2013-04-19 18:45:19 -------- d-----w- C:\Users\Kyle Winninghoff\AppData\Local\Programs

2013-04-12 22:15:03 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe

2013-04-10 20:23:13 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-10 20:23:11 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-04-10 20:23:09 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-10 20:23:08 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-10 20:23:08 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-10 20:23:06 112640 ----a-w- C:\Windows\System32\smss.exe

2013-04-10 20:23:05 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-10 20:23:05 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-06 10:08:17 -------- d-----w- C:\Users\Kyle Winninghoff\AppData\Local\Amazon

2013-04-06 10:08:12 -------- d-----w- C:\Program Files (x86)\Amazon

.

==================== Find3M ====================

.

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-19 19:06:55 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-19 19:06:54 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-06 05:00:59 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-04-06 05:00:59 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-04-06 05:00:48 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-20 18:25:40 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-20 18:25:38 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-20 18:25:38 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

.

============= FINISH: 15:41:03.39 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/30/2010 9:39:15 PM

System Uptime: 5/4/2013 2:35:24 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | SABERTOOTH X58

Processor: Intel® Core i7 CPU 950 @ 3.07GHz | LGA1366 | 3068/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 331.596 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 596 GiB total, 118.314 GiB free.

F: is FIXED (NTFS) - 2794 GiB total, 2121.049 GiB free.

G: is FIXED (NTFS) - 932 GiB total, 259.95 GiB free.

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP389: 4/25/2013 2:47:21 PM - Windows Update

RP390: 4/29/2013 6:19:23 AM - Windows Update

RP391: 5/2/2013 6:43:29 AM - Windows Update

RP392: 5/4/2013 1:53:32 PM - Removed Java 7 Update 17

RP393: 5/4/2013 2:24:36 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

AaAaAA!!! - A Reckless Disregard for Gravity

Acrobat.com

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6)

Advertising Center

AIM 7

Amazon Kindle

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Application Profiles

Assassin's Creed

ASUS Ai Charger

ASUS E-Green Uninstall

ASUSUpdate

Audiosurf

AutoHotkey 1.0.48.05

AVG 2012

AVG 2013

Bastion

Battlefield 3™

Battlelog Web Plugins

Beat Hazard

BIT.TRIP BEAT

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cities XL 2011

Combined Community Codec Pack 2010-10-10

Darwinia

Day of Defeat: Source

DEFCON

Defense Grid: The Awakening

Diablo III

Download Updater (AOL LLC)

Driver Sweeper version 3.2.0

Dropbox

E-Hammer

Empire: Total War

erLT

ESN Sonar

Fan Xpert

FileZilla Client 3.6.0.2

GOM Player

Google Drive

Google Update Helper

Guild Wars 2 Gw2Dev

Heroes of Newerth

ImagXpress

Intel Extreme Tuning Utility 2.0.143.16

Intel® SMBus

Intel® Matrix Storage Manager

Java Auto Updater

JMicron JMB36X Driver

Just Cause 2

Killing Floor

Left 4 Dead

Left 4 Dead 2

Lexmark Z2300 Series

Logitech SetPoint 5.20

Magicka

Malwarebytes Anti-Malware version 1.75.0.1300

marvell 91xx driver

Mass Effect

Mass Effect 2

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

mIRC

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mumble and Murmur

Natural Selection 2

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

NVIDIA PhysX

OpenAL

Origin

PC Probe II

PlanetSide 2

Plants vs. Zombies: Game of the Year

Portal

Portal 2

PunkBuster Services

Razer BlackWidow Ultimate

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

RIFT

Roll

RUSH

Saints Row: The Third

Sanctum

Seagate DiscWizard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Sid Meier's Civilization V

SimCity™

Sins of a Solar Empire: Rebellion

Skype™ 5.10

SmoothPING Elite

Star Wars: The Old Republic

Steam

Super Meat Boy

swMSM

Team Fortress 2

Toki Tori

Torchlight

Total War: SHOGUN 2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

User's Guides

Veetle TV

Ventrilo Client for Windows x64

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 0.9.2

Windows Live OneCare safety scanner

WinRAR archiver

World of Goo

World of Warcraft

World of Warcraft Public Test

.

==== Event Viewer Messages From Past Week ========

.

5/4/2013 6:23:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

5/4/2013 6:23:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

5/4/2013 5:51:50 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800034bddda, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-32307-01.

5/4/2013 5:48:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PnkBstrA service to connect.

5/4/2013 5:48:44 AM, Error: Service Control Manager [7000] - The PnkBstrA service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/4/2013 5:44:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

5/4/2013 5:42:16 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

5/4/2013 5:38:26 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

5/4/2013 5:37:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

5/4/2013 5:31:26 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

5/4/2013 3:36:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80003495315). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-32370-01.

5/4/2013 3:33:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Nero BackItUp Scheduler 4.0 service to connect.

5/4/2013 3:33:44 AM, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/4/2013 3:24:52 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

5/4/2013 3:19:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

5/4/2013 3:19:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

5/4/2013 3:19:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034fbd35). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-36863-01.

5/4/2013 3:19:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO AVGIDSDriver Avgldx64 Avgtdia DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf

5/4/2013 3:19:02 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

5/4/2013 3:19:02 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/4/2013 3:19:02 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/4/2013 3:19:02 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/4/2013 3:19:02 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/4/2013 3:19:00 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/4/2013 3:19:00 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/4/2013 3:19:00 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

5/4/2013 3:19:00 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/4/2013 3:19:00 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/4/2013 3:14:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80003505d35). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-46535-01.

5/4/2013 3:11:14 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff8000347e315). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-46925-01.

5/4/2013 2:52:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.149.1247.0).

5/4/2013 2:50:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1193.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80070643 Error description: Fatal error during installation.

5/4/2013 2:36:23 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

5/4/2013 2:33:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

5/4/2013 2:33:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

5/4/2013 2:32:57 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

5/4/2013 2:32:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/4/2013 2:32:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/4/2013 2:32:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

5/4/2013 2:32:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/4/2013 2:32:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/4/2013 2:31:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO AVGIDSDriver Avgldx64 discache MpFilter spldr sptd Wanarpv6

5/4/2013 2:31:40 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

5/4/2013 2:31:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000ec, 0x0000000000000002, 0x0000000000000001, 0xfffff800034afd35). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-29234-01.

5/4/2013 2:30:59 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

5/4/2013 1:27:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000180000004dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800034b1d35). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-33056-01.

4/29/2013 6:20:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.149.825.0).

4/29/2013 6:20:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.803.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80070643 Error description: Fatal error during installation.

.

==== End Of File ===========================


  • 2 weeks later...
  • Staff

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Thanks for getting to this post. Since my first post 2 weeks back I have just been running my computer basically the same way it was able to start up normally before, that is with the Microsoft Security Client and thus MSSE disabled.

Here are the logs you requested via Farbar:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013

Ran by Kyle Winninghoff (administrator) on 18-05-2013 00:10:02

Running from C:\Users\Kyle Winninghoff\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

( ) C:\Windows\system32\lxdpcoms.exe

(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Lexmark International Inc.) C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe

(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

(Razer USA Ltd) C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe

(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

(Thorvald Natvig) C:\Program Files (x86)\Mumble\mumble.exe

(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe

(Farbar) C:\Users\Kyle Winninghoff\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-01-29] (Realtek Semiconductor)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]

HKLM\...\Run: [lxdpmon.exe] "C:\Program Files (x86)\Lexmark Z2300 Series\lxdpmon.exe" [672424 2010-02-04] ()

HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe" [107176 2010-02-04] (Lexmark International Inc.)

HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM\...\Run: [seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [395152 2011-06-30] (Seagate)

HKCU\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4331392 2012-05-30] (AOL Inc.)

HKCU\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)

HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)

HKCU\...\Run: [ROC_ROC_APR2013_AV] C:\Users\Kyle Winninghoff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1e016d2c33a647d6b9d1f186769500ce-5c87895d3b356dd23a1434c2b3f9f54daa8ce9d9 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x]

MountPoints2: {3676c0ff-1e0a-11e1-94ef-806e6f6e6963} - D:\.\Bin\Assetup.exe

HKLM-x32\...\Run: [QFan Help] "C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe" [611968 2010-04-19] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2010-05-10] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [x]

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()

HKLM-x32\...\Run: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe [887712 2011-05-16] (Razer USA Ltd)

HKLM-x32\...\Run: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2638152 2011-06-30] (Seagate)

HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\SetPointII.lnk

ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File

BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll No File

BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File

PDF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:

========

FF ProfilePath: C:\Users\Kyle Winninghoff\AppData\Roaming\Mozilla\Firefox\Profiles\q9awmc5p.default-1347400038011

FF Homepage: hxxp://www.msn.com

FF Keyword.URL: hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File

FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File

FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File

FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)

R2 lxdp_device; C:\Windows\system32\lxdpcoms.exe [1039872 2007-11-19] ( )

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-19] ()

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

R2 XTUService; C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [22280 2010-04-09] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

R0 AiCharger; C:\Windows\System32\DRIVERS\AiCharger.sys [14592 2010-05-05] (ASUSTek Computer Inc.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()

S3 ATICDSDr; C:\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys [6656 2007-11-01] (ATI Technologies Inc.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-16] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)

R3 ICTDrv; C:\Windows\System32\DRIVERS\ICTDrv.sys [22488 2009-07-10] (Intel Corporation)

R2 IOCBIOS; C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [30384 2010-02-03] (Intel Corporation)

S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-30] (Broadcom Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [154624 2011-05-12] (Razer USA Ltd)

S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)

S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-30] ()

U3 a6y6cig9; C:\Windows\System32\Drivers\a6y6cig9.sys [0 ] (Microsoft Corporation)

R0 snapman; system32\DRIVERS\snapman.sys [x]

R0 vidsflt53; system32\DRIVERS\vsflt53.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-18 00:09 - 2013-05-18 00:09 - 00000000 ____D C:\FRST

2013-05-18 00:08 - 2013-05-18 00:09 - 01877468 ____A (Farbar) C:\Users\Kyle Winninghoff\Desktop\FRST64.exe

2013-05-15 04:00 - 2013-05-05 14:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-15 04:00 - 2013-05-05 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-15 04:00 - 2013-05-05 12:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-15 04:00 - 2013-05-05 12:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-15 03:59 - 2013-04-04 18:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-15 03:59 - 2013-04-04 18:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-15 03:59 - 2013-04-04 18:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-15 03:59 - 2013-04-04 18:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-15 03:59 - 2013-04-04 17:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-15 03:59 - 2013-04-04 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-15 03:59 - 2013-04-04 17:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-15 03:59 - 2013-04-04 17:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-15 03:59 - 2013-04-04 17:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-15 03:59 - 2013-04-04 17:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-15 03:59 - 2013-04-04 17:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-15 03:59 - 2013-04-04 17:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-15 03:59 - 2013-04-04 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-15 03:59 - 2013-04-04 17:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-15 03:59 - 2013-04-04 15:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-15 03:59 - 2013-04-04 15:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-15 03:59 - 2013-04-04 15:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-15 03:59 - 2013-04-04 15:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-15 03:59 - 2013-04-04 15:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-15 03:59 - 2013-04-04 15:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-15 03:59 - 2013-04-04 14:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-15 03:59 - 2013-04-04 14:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-15 03:59 - 2013-04-04 14:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-15 03:59 - 2013-04-04 14:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-15 03:59 - 2013-04-04 14:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-15 03:59 - 2013-04-04 14:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-15 03:59 - 2013-04-04 14:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-15 03:59 - 2013-04-04 14:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-15 02:44 - 2013-05-15 03:07 - 369298041 ____A C:\Users\Kyle Winninghoff\Desktop\NCIS.Los.Angeles.S04E24.HDTV.x264-LOL.mp4

2013-05-14 19:17 - 2013-04-09 23:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-14 19:17 - 2013-04-09 23:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-14 19:17 - 2013-04-09 20:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-14 19:17 - 2013-03-18 22:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-14 19:17 - 2013-03-18 22:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-14 19:17 - 2013-02-26 23:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-14 19:17 - 2013-02-26 22:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-14 19:17 - 2013-02-26 22:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-14 19:17 - 2013-02-26 22:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-14 19:17 - 2013-02-26 22:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-14 19:17 - 2013-02-26 21:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-14 19:17 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-14 19:17 - 2013-02-26 21:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-14 19:17 - 2011-02-03 04:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-05-08 03:27 - 2013-05-08 03:45 - 307135980 ____A C:\Users\Kyle Winninghoff\Desktop\NCIS.Los.Angeles.S04E23.HDTV.x264-LOL.mp4

2013-05-04 17:54 - 2013-05-04 17:54 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage

2013-05-04 15:54 - 2013-05-04 15:54 - 00791040 ____A C:\Users\Kyle Winninghoff\Desktop\RogueKillerX64.exe

2013-05-04 15:41 - 2013-05-04 15:41 - 00024839 ____A C:\Users\Kyle Winninghoff\Desktop\attach.txt

2013-05-04 15:41 - 2013-05-04 15:41 - 00018067 ____A C:\Users\Kyle Winninghoff\Desktop\dds.txt

2013-05-04 14:31 - 2013-05-04 14:31 - 00276424 ____A C:\Windows\Minidump\050413-29234-01.dmp

2013-05-04 13:27 - 2013-05-04 13:27 - 00276424 ____A C:\Windows\Minidump\050413-33056-01.dmp

2013-05-04 05:58 - 2013-05-04 05:58 - 00688992 ____R (Swearware) C:\Users\Kyle Winninghoff\Desktop\dds.scr

2013-05-04 05:51 - 2013-05-04 05:51 - 00276424 ____A C:\Windows\Minidump\050413-32307-01.dmp

2013-05-04 03:36 - 2013-05-04 03:36 - 00276368 ____A C:\Windows\Minidump\050413-32370-01.dmp

2013-05-04 03:18 - 2013-05-04 03:19 - 00276424 ____A C:\Windows\Minidump\050413-36863-01.dmp

2013-05-04 03:14 - 2013-05-04 03:14 - 00276368 ____A C:\Windows\Minidump\050413-46535-01.dmp

2013-05-04 03:10 - 2013-05-04 03:11 - 00276368 ____A C:\Windows\Minidump\050413-46925-01.dmp

2013-05-01 02:42 - 2013-05-01 03:00 - 282671826 ____A C:\Users\Kyle Winninghoff\Desktop\NCIS.Los.Angeles.S04E22.HDTV.x264-LOL.mp4

2013-04-30 01:38 - 2013-04-30 02:11 - 314125960 ____A C:\Users\Kyle Winninghoff\Desktop\The.Following.S01E15.HDTV.x264-LOL.mp4

2013-04-24 03:36 - 2013-04-24 03:54 - 285781557 ____A C:\Users\Kyle Winninghoff\Desktop\NCIS.Los.Angeles.S04E21.HDTV.x264-LOL.mp4

2013-04-23 23:01 - 2013-04-12 07:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-23 14:51 - 2013-04-23 15:14 - 262733883 ____A C:\Users\Kyle Winninghoff\Desktop\The.Following.S01E14.HDTV.x264-LOL.mp4

2013-04-19 12:14 - 2012-08-23 07:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll

2013-04-19 12:14 - 2012-08-23 07:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys

2013-04-19 12:14 - 2012-08-23 07:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys

2013-04-19 12:14 - 2012-08-23 06:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2013-04-19 12:14 - 2012-08-23 06:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2013-04-19 12:14 - 2012-08-23 06:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2013-04-19 12:14 - 2012-08-23 06:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2013-04-19 12:14 - 2012-08-23 06:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll

2013-04-19 12:14 - 2012-08-23 06:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll

2013-04-19 12:14 - 2012-08-23 06:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2013-04-19 12:14 - 2012-08-23 06:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll

2013-04-19 12:14 - 2012-08-23 06:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll

2013-04-19 12:14 - 2012-08-23 05:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2013-04-19 12:14 - 2012-08-23 04:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe

2013-04-19 12:14 - 2012-08-23 04:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2013-04-19 12:14 - 2012-08-23 04:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe

2013-04-19 12:14 - 2012-08-23 04:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2013-04-19 12:14 - 2012-08-23 03:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2013-04-19 12:14 - 2012-08-23 03:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll

2013-04-19 12:14 - 2012-08-23 03:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2013-04-19 12:14 - 2012-08-23 03:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe

2013-04-19 12:14 - 2012-08-23 02:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2013-04-19 12:14 - 2012-08-23 01:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-04-19 12:14 - 2012-08-23 01:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-04-19 12:12 - 2013-01-13 14:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 14:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 14:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 14:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-19 12:12 - 2013-01-13 14:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-19 12:12 - 2013-01-13 14:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 14:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 14:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 14:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 13:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 13:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 13:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 13:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-19 12:12 - 2013-01-13 13:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-04-19 12:12 - 2013-01-13 13:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-19 12:12 - 2013-01-13 13:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 13:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 13:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 13:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-19 12:12 - 2013-01-13 13:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-04-19 12:12 - 2013-01-13 13:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-04-19 12:12 - 2013-01-13 13:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-04-19 12:12 - 2013-01-13 13:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-04-19 12:12 - 2013-01-13 13:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-04-19 12:12 - 2013-01-13 12:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-04-19 12:12 - 2013-01-13 12:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-04-19 12:12 - 2013-01-13 12:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-04-19 12:12 - 2013-01-13 12:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-04-19 12:12 - 2013-01-13 12:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-04-19 12:12 - 2013-01-13 12:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-04-19 12:12 - 2013-01-13 12:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-04-19 12:12 - 2013-01-13 12:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-04-19 12:12 - 2013-01-13 12:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-04-19 12:12 - 2013-01-13 12:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-04-19 12:12 - 2013-01-13 12:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-04-19 12:12 - 2013-01-13 12:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-04-19 12:12 - 2013-01-13 12:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-04-19 12:12 - 2013-01-13 12:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-04-19 12:12 - 2013-01-13 12:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-04-19 12:12 - 2013-01-13 12:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-04-19 12:12 - 2013-01-13 12:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-04-19 12:12 - 2013-01-13 12:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-04-19 12:12 - 2013-01-13 12:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-04-19 12:12 - 2013-01-13 12:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-04-19 12:12 - 2013-01-13 12:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-04-19 12:12 - 2013-01-13 12:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-04-19 12:12 - 2013-01-13 11:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-04-19 12:12 - 2013-01-13 11:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-04-19 12:12 - 2013-01-13 11:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-04-19 12:12 - 2013-01-13 10:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-04-19 12:12 - 2013-01-13 10:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-04-19 12:12 - 2013-01-03 23:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-04-19 12:12 - 2013-01-03 23:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-04-19 12:10 - 2012-08-24 11:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2013-04-19 12:10 - 2012-08-24 11:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2013-04-19 12:10 - 2012-08-24 11:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2013-04-19 12:10 - 2012-08-24 11:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll

2013-04-19 12:10 - 2012-08-24 09:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-04-19 12:10 - 2012-08-24 09:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-04-19 12:10 - 2012-08-24 09:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

2013-05-18 00:09 - 2013-05-18 00:09 - 00000000 ____D C:\FRST

2013-05-18 00:09 - 2013-05-18 00:08 - 01877468 ____A (Farbar) C:\Users\Kyle Winninghoff\Desktop\FRST64.exe

2013-05-17 23:23 - 2010-11-30 22:39 - 01679736 ____A C:\Windows\WindowsUpdate.log

2013-05-17 23:20 - 2012-12-11 02:02 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-17 22:35 - 2010-12-01 00:13 - 00000000 ____D C:\Users\Kyle Winninghoff\AppData\Roaming\Mumble

2013-05-17 18:01 - 2010-12-01 15:28 - 00000000 ____D C:\ProgramData\MFAData

2013-05-17 10:20 - 2012-12-11 02:02 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-17 03:39 - 2010-12-01 23:30 - 00000000 ____D C:\Users\Kyle Winninghoff\Documents\Word Docs

2013-05-16 22:30 - 2010-11-30 16:42 - 00000000 ____D C:\Users\Kyle Winninghoff\AppData\Roaming\mIRC

2013-05-15 23:14 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache

2013-05-15 22:35 - 2010-11-30 16:42 - 00000000 ____D C:\Program Files (x86)\mIRC

2013-05-15 16:32 - 2010-12-01 00:48 - 00000000 ____D C:\Program Files (x86)\Steam

2013-05-15 16:32 - 2009-07-13 21:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-15 16:32 - 2009-07-13 21:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-15 16:25 - 2010-11-30 22:39 - 00000000 ____D C:\users\Kyle Winninghoff

2013-05-15 16:23 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-15 16:23 - 2009-07-13 21:51 - 00107217 ____A C:\Windows\setupact.log

2013-05-15 16:22 - 2009-07-13 21:45 - 00421800 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-15 04:06 - 2010-11-30 23:32 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-05-15 04:03 - 2010-12-05 17:11 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 04:01 - 2009-07-13 22:13 - 00832892 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-15 03:57 - 2010-12-02 04:14 - 00000000 ____D C:\Users\Kyle Winninghoff\AppData\Roaming\uTorrent

2013-05-15 03:07 - 2013-05-15 02:44 - 369298041 ____A C:\Users\Kyle Winninghoff\Desktop\NCIS.Los.Angeles.S04E24.HDTV.x264-LOL.mp4

2013-05-08 03:45 - 2013-05-08 03:27 - 307135980 ____A C:\Users\Kyle Winninghoff\Desktop\NCIS.Los.Angeles.S04E23.HDTV.x264-LOL.mp4

2013-05-05 14:36 - 2013-05-15 04:00 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-05 14:16 - 2013-05-15 04:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-05 12:25 - 2013-05-15 04:00 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-05 12:12 - 2013-05-15 04:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-04 18:17 - 2011-05-26 23:31 - 00000000 ___RD C:\Users\Kyle Winninghoff\Dropbox

2013-05-04 18:17 - 2011-05-26 23:30 - 00000000 ____D C:\Users\Kyle Winninghoff\AppData\Roaming\Dropbox

2013-05-04 17:54 - 2013-05-04 17:54 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage

2013-05-04 15:54 - 2013-05-04 15:54 - 00791040 ____A C:\Users\Kyle Winninghoff\Desktop\RogueKillerX64.exe

2013-05-04 15:41 - 2013-05-04 15:41 - 00024839 ____A C:\Users\Kyle Winninghoff\Desktop\attach.txt

2013-05-04 15:41 - 2013-05-04 15:41 - 00018067 ____A C:\Users\Kyle Winninghoff\Desktop\dds.txt

2013-05-04 14:31 - 2013-05-04 14:31 - 00276424 ____A C:\Windows\Minidump\050413-29234-01.dmp

2013-05-04 14:31 - 2011-06-02 04:19 - 00000000 ____D C:\Windows\Minidump

2013-05-04 14:31 - 2011-06-02 04:18 - 578967433 ____A C:\Windows\MEMORY.DMP

2013-05-04 14:17 - 2012-12-27 14:19 - 00000000 ____D C:\ProgramData\AVG2013

2013-05-04 13:27 - 2013-05-04 13:27 - 00276424 ____A C:\Windows\Minidump\050413-33056-01.dmp

2013-05-04 05:58 - 2013-05-04 05:58 - 00688992 ____R (Swearware) C:\Users\Kyle Winninghoff\Desktop\dds.scr

2013-05-04 05:51 - 2013-05-04 05:51 - 00276424 ____A C:\Windows\Minidump\050413-32307-01.dmp

2013-05-04 05:34 - 2012-12-27 14:17 - 00000000 ____D C:\Users\Kyle Winninghoff\AppData\Local\Avg2013

2013-05-04 03:36 - 2013-05-04 03:36 - 00276368 ____A C:\Windows\Minidump\050413-32370-01.dmp

2013-05-04 03:19 - 2013-05-04 03:18 - 00276424 ____A C:\Windows\Minidump\050413-36863-01.dmp

2013-05-04 03:14 - 2013-05-04 03:14 - 00276368 ____A C:\Windows\Minidump\050413-46535-01.dmp

2013-05-04 03:11 - 2013-05-04 03:10 - 00276368 ____A C:\Windows\Minidump\050413-46925-01.dmp

2013-05-04 03:06 - 2010-12-01 13:53 - 00061442 ____A C:\Windows\PFRO.log

2013-05-03 23:32 - 2010-12-02 04:15 - 00000000 ____D C:\Program Files (x86)\uTorrent

2013-05-02 08:29 - 2010-11-30 23:33 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-05-01 03:00 - 2013-05-01 02:42 - 282671826 ____A C:\Users\Kyle Winninghoff\Desktop\NCIS.Los.Angeles.S04E22.HDTV.x264-LOL.mp4

2013-04-30 02:11 - 2013-04-30 01:38 - 314125960 ____A C:\Users\Kyle Winninghoff\Desktop\The.Following.S01E15.HDTV.x264-LOL.mp4

2013-04-24 03:54 - 2013-04-24 03:36 - 285781557 ____A C:\Users\Kyle Winninghoff\Desktop\NCIS.Los.Angeles.S04E21.HDTV.x264-LOL.mp4

2013-04-23 15:14 - 2013-04-23 14:51 - 262733883 ____A C:\Users\Kyle Winninghoff\Desktop\The.Following.S01E14.HDTV.x264-LOL.mp4

2013-04-19 12:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-04-19 12:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-04-19 12:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-04-19 12:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-04-19 12:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-04-19 12:06 - 2012-09-11 15:12 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-04-19 12:06 - 2012-09-11 15:12 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-04-19 12:06 - 2010-11-30 20:56 - 00000000 ____D C:\ProgramData\Adobe

2013-04-19 11:55 - 2013-03-08 04:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-04-19 11:55 - 2012-04-29 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-04-19 11:55 - 2010-11-30 15:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-19 11:45 - 2012-03-17 20:27 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-14 23:15

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-05-2013

Ran by Kyle Winninghoff at 2013-05-18 00:10:37 Run:

Running from C:\Users\Kyle Winninghoff\Desktop

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)

µTorrent (Version: 3.3.0.29625)

AaAaAA!!! - A Reckless Disregard for Gravity

Acrobat.com (Version: 1.6.65)

Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)

Adobe Flash Player 11 Plugin (Version: 11.7.700.169)

Adobe Reader X (10.1.7) (Version: 10.1.7)

Advertising Center (Version: 0.0.0.2)

AIM 7

Amazon Kindle

AMD Accelerated Video Transcoding (Version: 12.5.100.21219)

AMD APP SDK Runtime (Version: 10.0.1084.4)

AMD Catalyst Install Manager (Version: 8.0.903.0)

AMD Drag and Drop Transcoding (Version: 2.00.0000)

AMD Media Foundation Decoders (Version: 1.0.71219.1540)

Application Profiles (Version: 2.0.4357.40145)

Assassin's Creed

ASUS Ai Charger (Version: 1.00.06)

ASUS E-Green Uninstall

ASUSUpdate (Version: 7.18.03)

Audiosurf

AutoHotkey 1.0.48.05 (Version: 1.0.48.05)

AVG 2012 (Version: 12.0.1809)

AVG 2012 (Version: 12.0.1831)

AVG 2012 (Version: 12.0.1834)

AVG 2012 (Version: 12.0.1869)

AVG 2012 (Version: 12.0.1872)

AVG 2012 (Version: 12.0.1873)

AVG 2012 (Version: 12.0.1890)

AVG 2012 (Version: 12.0.1901)

AVG 2012 (Version: 12.0.1913)

AVG 2012 (Version: 12.0.2171)

AVG 2012 (Version: 12.0.2176)

AVG 2012 (Version: 12.0.2178)

AVG 2012 (Version: 12.0.2180)

AVG 2012 (Version: 12.0.2193)

AVG 2012 (Version: 12.0.2195)

AVG 2012 (Version: 12.0.2197)

AVG 2012 (Version: 12.0.2221)

AVG 2013 (Version: 13.0.2805)

AVG 2013 (Version: 13.0.2890)

AVG 2013 (Version: 13.0.2897)

AVG 2013 (Version: 13.0.2899)

AVG 2013 (Version: 13.0.2904)

AVG 2013 (Version: 13.0.3162)

AVG 2013 (Version: 2013.0.2904)

Bastion

Battlefield 3™ (Version: 1.4.0.0)

Battlelog Web Plugins (Version: 2.1.3)

Beat Hazard

BIT.TRIP BEAT

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center (Version: 2012.1219.1521.27485)

Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485)

Catalyst Control Center InstallProxy (Version: 2011.1109.2212.39826)

Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485)

Catalyst Control Center Localization All (Version: 2012.1219.1521.27485)

CCC Help Chinese Standard (Version: 2012.1219.1520.27485)

CCC Help Chinese Traditional (Version: 2012.1219.1520.27485)

CCC Help Czech (Version: 2012.1219.1520.27485)

CCC Help Danish (Version: 2012.1219.1520.27485)

CCC Help Dutch (Version: 2012.1219.1520.27485)

CCC Help English (Version: 2012.1219.1520.27485)

CCC Help Finnish (Version: 2012.1219.1520.27485)

CCC Help French (Version: 2012.1219.1520.27485)

CCC Help German (Version: 2012.1219.1520.27485)

CCC Help Greek (Version: 2012.1219.1520.27485)

CCC Help Hungarian (Version: 2012.1219.1520.27485)

CCC Help Italian (Version: 2012.1219.1520.27485)

CCC Help Japanese (Version: 2012.1219.1520.27485)

CCC Help Korean (Version: 2012.1219.1520.27485)

CCC Help Norwegian (Version: 2012.1219.1520.27485)

CCC Help Polish (Version: 2012.1219.1520.27485)

CCC Help Portuguese (Version: 2012.1219.1520.27485)

CCC Help Russian (Version: 2012.1219.1520.27485)

CCC Help Spanish (Version: 2012.1219.1520.27485)

CCC Help Swedish (Version: 2012.1219.1520.27485)

CCC Help Thai (Version: 2012.1219.1520.27485)

CCC Help Turkish (Version: 2012.1219.1520.27485)

ccc-utility64 (Version: 2012.1219.1521.27485)

Cities XL 2011

Combined Community Codec Pack 2010-10-10 (Version: 2010.10.10.0)

Darwinia

Day of Defeat: Source

DEFCON

Defense Grid: The Awakening

Diablo III (Version: 1.0.7.15295)

Download Updater (AOL LLC)

Driver Sweeper version 3.2.0 (Version: 3.2.0)

Dropbox (Version: 1.1.35)

E-Hammer (Version: 1.0.0)

Empire: Total War

erLT (Version: 1.20.0137)

ESN Sonar (Version: 0.70.0)

ESN Sonar (Version: 0.70.4)

Fan Xpert (Version: 1.00.13)

FileZilla Client 3.6.0.2 (Version: 3.6.0.2)

GOM Player (Version: 2.1.37.5085)

Google Drive (Version: 1.9.4536.8202)

Google Update Helper (Version: 1.3.21.145)

Heroes of Newerth (Version: 2.0.26)

ImagXpress (Version: 7.0.74.0)

Intel Extreme Tuning Utility 2.0.143.16 (Version: 2.0.143.16)

Intel® SMBus

Intel® Matrix Storage Manager

Java Auto Updater (Version: 2.1.9.0)

JMicron JMB36X Driver (Version: 1.17.56.2)

Just Cause 2

Killing Floor

Left 4 Dead

Left 4 Dead 2

Lexmark Z2300 Series

Logitech SetPoint 5.20 (Version: 5.20)

Magicka

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

marvell 91xx driver (Version: 1.0.0.1034)

Mass Effect (Version: 1.00)

Mass Effect 2

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Security Client (Version: 4.2.0223.1)

Microsoft Security Essentials (Version: 4.2.223.1)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)

mIRC (Version: 7.15)

Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)

Mozilla Maintenance Service (Version: 20.0.1)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Mumble and Murmur (Version: 1.2.2)

Natural Selection 2

Nero 9 Essentials

Nero BurnRights (Version: 3.4.13.100)

Nero BurnRights Help (Version: 3.4.4.100)

Nero ControlCenter (Version: 9.0.0.1)

Nero CoverDesigner (Version: 4.4.12.100)

Nero CoverDesigner Help (Version: 4.4.9.100)

Nero Disc Copy Gadget (Version: 2.4.34.0)

Nero Disc Copy Gadget Help (Version: 2.4.34.0)

Nero DiscSpeed (Version: 5.4.13.100)

Nero DiscSpeed Help (Version: 5.4.4.100)

Nero DriveSpeed (Version: 4.4.12.100)

Nero DriveSpeed Help (Version: 4.4.4.100)

Nero Express Help (Version: 9.4.33.100)

Nero InfoTool (Version: 6.4.12.100)

Nero InfoTool Help (Version: 6.4.4.100)

Nero Installer (Version: 4.4.9.0)

Nero Online Upgrade (Version: 1.3.0.0)

Nero StartSmart (Version: 9.4.33.100)

Nero StartSmart Help (Version: 9.4.27.100)

Nero StartSmart OEM (Version: 9.4.10.100)

NeroExpress (Version: 9.4.33.100)

neroxml (Version: 1.0.0)

NVIDIA PhysX (Version: 9.10.0224)

OpenAL

Origin (Version: 8.5.0.4550)

PC Probe II (Version: 1.04.88)

PlanetSide 2

Plants vs. Zombies: Game of the Year

Portal

Portal 2

PunkBuster Services (Version: 0.991)

Razer BlackWidow Ultimate (Version: 1.04.04)

Realtek High Definition Audio Driver (Version: 6.0.1.6037)

Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)

RIFT

Roll

RUSH

Saints Row: The Third

Sanctum

Seagate DiscWizard (Version: 13.0.14387)

Sid Meier's Civilization V

SimCity™ (Version: 1.0.0.0)

Sins of a Solar Empire: Rebellion

Skype™ 5.10 (Version: 5.10.116)

SmoothPING Elite (Version: 1.1.0.116)

Star Wars: The Old Republic (Version: 1.00)

Steam (Version: 1.0.0.0)

Super Meat Boy

swMSM (Version: 12.0.0.1)

Team Fortress 2

Toki Tori

Torchlight

Total War: SHOGUN 2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

User's Guides (Version: 1.20.0000)

Veetle TV (Version: 0.9.18)

Ventrilo Client for Windows x64 (Version: 3.0.7.0)

Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)

Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)

VLC media player 0.9.2 (Version: 0.9.2)

Windows Live OneCare safety scanner (Version: 1.0.0.0)

WinRAR archiver

World of Goo

World of Warcraft (Version: 5.2.0.16826)

==================== Restore Points =========================

05-05-2013 05:02:44 Installed JMicron JMB36X Driver

05-05-2013 05:04:52 Installed Realtek Ethernet Controller Driver For Windows Vista aï¾â7

05-05-2013 05:06:40 Installed Renesas Electronics USB 3.0 Host Controller Driver

05-05-2013 05:07:36 Installed Browser Configuration Utility.

05-05-2013 05:10:23 Installed ASUSUpdate

05-05-2013 05:10:32 Installed Fan Xpert

05-05-2013 05:11:03 Installed PC Probe II

05-05-2013 05:11:08 Installed ASUS Ai Charger

05-05-2013 05:15:35 Removed Browser Configuration Utility.

05-05-2013 05:25:21 Installed Nero 9 Essentials 4.4.9.0

05-05-2013 05:40:40 Windows Update

05-05-2013 05:47:09 Windows Update

05-05-2013 05:49:29 Windows Update

05-05-2013 05:50:25 Windows Update

05-05-2013 05:51:03 Windows Update

05-05-2013 06:00:35 Windows Update

08-05-2013 06:40:01 Windows Update

11-05-2013 13:29:03 Windows Update

15-05-2013 10:58:58 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (05/04/2013 01:35:11 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:

Could not query the status of the EventSystem service.

System Error:

A system shutdown is in progress.

.

Error: (04/22/2013 00:04:02 AM) (Source: Application Error) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e

Exception code: 0xc0000374

Fault offset: 0x00000000000c40f2

Faulting process id: 0x9b8

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

Error: (04/18/2013 03:58:49 AM) (Source: Application Hang) (User: )

Description: The program WoW-64.exe version 5.2.0.16826 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e10

Start Time: 01ce3c01214292ea

Termination Time: 989

Application Path: C:\Program Files (x86)\World of Warcraft\WoW-64.exe

Report Id: ecd5efc4-a816-11e2-b67c-20cf3071e93d

Error: (04/12/2013 03:14:50 PM) (Source: Application Error) (User: )

Description: Faulting application name: plugin-container.exe, version: 19.0.2.4814, time stamp: 0x5138a158

Faulting module name: mozalloc.dll, version: 19.0.2.4814, time stamp: 0x513883c4

Exception code: 0x80000003

Fault offset: 0x00001988

Faulting process id: 0x192c

Faulting application start time: 0xplugin-container.exe0

Faulting application path: plugin-container.exe1

Faulting module path: plugin-container.exe2

Report Id: plugin-container.exe3

Error: (03/20/2013 10:49:25 AM) (Source: Application Error) (User: )

Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4

Faulting module name: MSI3A88.tmp, version: 2.0.0.9, time stamp: 0x4d4b089c

Exception code: 0xc000000d

Fault offset: 0x00019d88

Faulting process id: 0x106c

Faulting application start time: 0xMsiExec.exe0

Faulting application path: MsiExec.exe1

Faulting module path: MsiExec.exe2

Report Id: MsiExec.exe3

Error: (03/20/2013 10:49:09 AM) (Source: Application Error) (User: )

Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4

Faulting module name: MSIE015.tmp, version: 2.0.0.9, time stamp: 0x4d4b089c

Exception code: 0xc000000d

Fault offset: 0x00019d88

Faulting process id: 0x5a0

Faulting application start time: 0xMsiExec.exe0

Faulting application path: MsiExec.exe1

Faulting module path: MsiExec.exe2

Report Id: MsiExec.exe3

Error: (03/08/2013 09:29:42 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25101: StandardAction(0xC007620D): We have detected that Microsoft Security Essentials, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again.

Error: (03/08/2013 09:29:41 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25101: StandardAction(0xC007620D): We have detected that Microsoft Security Essentials, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again.

Error: (03/08/2013 09:29:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25101: StandardAction(0xC007620D): We have detected that Microsoft Security Essentials, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again.

Error: (03/08/2013 09:29:39 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25101: StandardAction(0xC007620D): We have detected that Microsoft Security Essentials, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again.

System errors:

=============

Error: (05/15/2013 04:23:10 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

%%5

Error: (05/15/2013 04:23:06 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

%%5

Error: (05/14/2013 03:56:23 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

%%5

Error: (05/14/2013 03:56:19 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

%%5

Error: (05/14/2013 04:33:48 AM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

%%5

Error: (05/05/2013 03:35:48 PM) (Source: volsnap) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/04/2013 11:28:53 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

%%5

Error: (05/04/2013 11:28:46 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

%%5

Error: (05/04/2013 07:32:06 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

%%5

Error: (05/04/2013 05:53:52 PM) (Source: VDS Basic Provider) (User: )

Description: Unexpected failure. Error code: 490@01010004

Microsoft Office Sessions:

=========================

CodeIntegrity Errors:

===================================

Date: 2011-02-17 01:59:18.094

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-02-17 01:59:18.083

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-02-17 01:59:17.875

Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install Pack\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-02-17 01:59:17.865

Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install Pack\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-02-17 01:59:17.103

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-02-17 01:59:17.092

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-02-17 01:59:16.905

Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install Pack\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-02-17 01:59:16.895

Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install Pack\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-02-17 01:59:16.112

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-02-17 01:59:16.102

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 53%

Total physical RAM: 12279.11 MB

Available physical RAM: 5724.89 MB

Total Pagefile: 24556.4 MB

Available Pagefile: 18627.64 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:373.07 GB) NTFS (Disk=0 Partition=2)

Drive e: () (Fixed) (Total:596.16 GB) (Free:120 GB) NTFS (Disk=1 Partition=1)

Drive f: (SuperStorage) (Fixed) (Total:2794.39 GB) (Free:2113.03 GB) NTFS (Disk=3 Partition=2)

Drive g: (MegaStorage) (Fixed) (Total:931.51 GB) (Free:259.95 GB) NTFS (Disk=2 Partition=1)

Drive i: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=4 Partition=1) ==>[system with boot components (obtained from reading drive)]

Drive j: () (Fixed) (Total:111.69 GB) (Free:71.28 GB) NTFS (Disk=4 Partition=2)

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F8E1EE76)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 596 GB) (Disk ID: CF11CF11)

Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 97A2AC1D)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================

Disk: 3 (Size: 2795 GB) (Disk ID: B67C7785)

Partition: GPT Partition Type

========================================================

Disk: 4 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: E450B253)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Staff

Please run the following

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 13-05-18.03 - Kyle Winninghoff 05/18/2013 17:22:25.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.5626 [GMT -7:00]

Running from: c:\users\Kyle Winninghoff\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Kyle Winninghoff\AppData\Roaming\mIRC\logs\status.log

c:\users\Kyle Winninghoff\Desktop\Internet Explorer.lnk

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\WanPacket.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-04-19 to 2013-05-19 )))))))))))))))))))))))))))))))

.

.

2013-05-19 00:27 . 2013-05-19 00:27 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2013-05-19 00:27 . 2013-05-19 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-18 23:33 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C083459-0BBE-4F55-9CD6-42AC2257E45A}\mpengine.dll

2013-05-18 07:09 . 2013-05-18 07:09 -------- d-----w- C:\FRST

2013-05-17 23:33 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-15 11:00 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-15 11:00 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-15 11:00 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-15 02:17 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2013-04-24 06:01 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-23 21:56 . 2013-04-23 21:53 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F71EDD8-1A64-4E38-A344-2CAA8F98648C}\gapaengine.dll

2013-04-19 19:12 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-04-19 19:10 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-04-19 19:10 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2013-04-19 19:10 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll

2013-04-19 19:10 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll

2013-04-19 19:10 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-04-19 19:10 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-04-19 19:10 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-04-19 18:45 . 2013-04-19 18:45 -------- d-----w- c:\users\Kyle Winninghoff\AppData\Local\Programs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-15 11:03 . 2010-12-06 00:11 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-02 15:29 . 2010-12-01 06:33 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-19 19:06 . 2012-09-11 22:12 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-19 19:06 . 2012-09-11 22:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-13 05:49 . 2013-05-15 02:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 02:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 02:17 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 02:17 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 02:17 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 02:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-06 05:00 . 2011-09-30 03:11 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-04-06 05:00 . 2011-09-30 02:46 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-04-06 05:00 . 2011-09-30 02:46 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-04-04 21:50 . 2010-11-30 22:55 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-20 18:25 . 2013-03-20 18:25 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-20 18:25 . 2012-07-22 22:36 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-20 18:25 . 2011-03-25 08:41 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-19 06:04 . 2013-04-10 20:23 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 20:23 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 20:23 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 20:23 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 20:23 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 20:23 112640 ----a-w- c:\windows\system32\smss.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QFan Help"="c:\program files (x86)\ASUS\Fan Xpert\QFanHelp.exe" [2010-04-19 611968]

"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712]

"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 ATICDSDr;ATICDSDr;c:\users\KYLEWI~1\AppData\Local\Temp\ATICDSDr.sys [x]

R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w764.sys [2011-03-30 1254464]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-01 1255736]

S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-05-06 14592]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-01 834544]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-11-30 210016]

S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-11-30 141920]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-02-03 30384]

S2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe [2007-11-20 1039872]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 1191408]

S2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-04-10 22280]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 ICTDrv;ICTDrv;c:\windows\system32\DRIVERS\ICTDrv.sys [2009-07-11 22488]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-05-13 154624]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 09:02]

.

2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 09:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Kyle Winninghoff\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"lxdpmon.exe"="c:\program files (x86)\Lexmark Z2300 Series\lxdpmon.exe" [2010-02-04 672424]

"EzPrint"="c:\program files (x86)\Lexmark Z2300 Series\ezprint.exe" [2010-02-04 107176]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki...

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Kyle Winninghoff\AppData\Roaming\Mozilla\Firefox\Profiles\q9awmc5p.default-1347400038011\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Kyle Winninghoff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe

Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe

AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1182413079-1598480923-2472889761-1000\Software\SecuROM\License information*]

"datasecu"=hex:8e,3f,4e,d2,01,af,ad,9e,f1,40,34,a6,45,63,30,a6,0e,6b,25,fe,dc,

4b,c5,44,23,f2,f2,ff,2c,32,b0,85,8b,ee,e4,c5,2a,90,78,06,8e,f7,7d,7f,67,a8,\

"rkeysecu"=hex:9b,7f,1a,a1,78,63,40,f9,4f,7d,57,cc,ce,52,19,fa

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-05-18 17:30:27

ComboFix-quarantined-files.txt 2013-05-19 00:30

.

Pre-Run: 399,806,763,008 bytes free

Post-Run: 401,166,856,192 bytes free

.

- - End Of File - - 52F8B86B6FC25EB9CEAB7A0A33C15EEF


  • Staff

Please do the following:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.


K so I ran the Root-kit scan and it came back clean, so I went and made sure the mentioned items were all on and everything was up to date. I went back and turned the Microsoft Security Client start-up process back on and reinstalled the current version of Java. On restart everything started up fine and Windows is running normally as far as I can tell.

Here are the logs from the Root-kit scan:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

Database version: v2013.05.19.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kyle Winninghoff :: KYLEWINNINGHOFF [administrator]

5/18/2013 8:40:30 PM

mbar-log-2013-05-18 (20-40-30).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 29729

Time elapsed: 7 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED

CPU speed: 3.073000 GHz

Memory total: 12875579392, free: 7840481280

------------ Kernel report ------------

05/18/2013 20:30:50

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\spde.sys

\SystemRoot\System32\Drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\SCSIPORT.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\DRIVERS\vsflt53.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\AiCharger.sys

\SystemRoot\system32\DRIVERS\jraid.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStorV.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\DRIVERS\msahci.sys

\SystemRoot\system32\DRIVERS\mv91xx.sys

\SystemRoot\system32\DRIVERS\mvxxmm.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\vididr.sys

\SystemRoot\system32\DRIVERS\timntr.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\system32\DRIVERS\snapman.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\avgrkx64.sys

\SystemRoot\system32\DRIVERS\avgloga.sys

\SystemRoot\system32\DRIVERS\avgmfx64.sys

\SystemRoot\system32\DRIVERS\avgidsha.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\avgtdia.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avgldx64.sys

\SystemRoot\system32\DRIVERS\avgidsdrivera.sys

\SystemRoot\SysWow64\drivers\AsUpIO.sys

\SystemRoot\SysWow64\drivers\AsIO.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\DRIVERS\ASACPI.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\intelsmb.sys

\SystemRoot\System32\Drivers\a6y6cig9.SYS

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\ICTDrv.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\RzSynapse.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\LHidFilt.Sys

\SystemRoot\system32\DRIVERS\LMouFilt.Sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\system32\drivers\qwavedrv.sys

\??\C:\Windows\system32\Drivers\PROCEXP113.SYS

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa800c28a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Scsi\mv91xx1Port2Path0Target1Lun0\

Lower Device Object: 0xfffffa800acde050

Lower Device Driver Name: \Driver\mv91xx\

Driver name found: mv91xx

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\scsiport.sys (0x0)

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa800c289060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-4\

Lower Device Object: 0xfffffa800acd6050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa800c288060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-3\

Lower Device Object: 0xfffffa800acd8050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa800c151790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-2\

Lower Device Object: 0xfffffa800acd2050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800c14b790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa800acd4050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Downloaded database version: v2013.05.19.01

Downloaded database version: v2013.05.14.03

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800c14b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800c14b0b0, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xfffffa800c14b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800c14b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800afd7b50, DeviceName: Unknown, DriverName: \Driver\vidsflt53\

DevicePointer: 0xfffffa800acd4050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\

Upper DeviceData: 0xfffff8a02c7460a0, 0xfffffa800c14b790, 0xfffffa801cf37090

Lower DeviceData: 0xfffff8a00fba7b20, 0xfffffa800acd4050, 0xfffffa802135de40

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: F8E1EE76

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 1953314816

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa800c151790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800afdf870, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xfffffa800c1512c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800c151790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800afdfa80, DeviceName: Unknown, DriverName: \Driver\vidsflt53\

DevicePointer: 0xfffffa800acd2050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\

Upper DeviceData: 0xfffff8a005e037b0, 0xfffffa800c151790, 0xfffffa8020591790

Lower DeviceData: 0xfffff8a006035c20, 0xfffffa800acd2050, 0xfffffa801adc0370

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CF11CF11

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 1250242497

Partition file system is NTFS

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Physical Sector Size: 512

Drive: 2, DevicePointer: 0xfffffa800c288060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800afe8940, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xfffffa800c288b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800c288060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800afe6940, DeviceName: Unknown, DriverName: \Driver\vidsflt53\

DevicePointer: 0xfffffa800acd8050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\

Upper DeviceData: 0xfffff8a02de1a730, 0xfffffa800c288060, 0xfffffa801eb97790

Lower DeviceData: 0xfffff8a0002a3040, 0xfffffa800acd8050, 0xfffffa801934ae40

Drive 2

Scanning MBR on drive 2...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 97A2AC1D

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 1953520002

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Physical Sector Size: 512

Drive: 3, DevicePointer: 0xfffffa800c289060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800aff0940, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xfffffa800c289b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800c289060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800afecd60, DeviceName: Unknown, DriverName: \Driver\vidsflt53\

DevicePointer: 0xfffffa800acd6050, DeviceName: \Device\Ide\IAAStorageDevice-4\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\

Upper DeviceData: 0xfffff8a00fff2520, 0xfffffa800c289060, 0xfffffa8020e45090

Lower DeviceData: 0xfffff8a010897370, 0xfffffa800acd6050, 0xfffffa801bdc0730

Drive 3

Scanning MBR on drive 3...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: B67C7785

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)

Partition is NOT ACTIVE.

Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254

GPT Header Revision 65536 Size 92 CRC 1864972104

GPT Header CurrentLba = 1 BackupLba 5860533167

GPT Header FirstUsableLba 34 LastUsableLba 5860533134

GPT Header Guid d2691329-c20a-4196-a4ab-ee7b707b865a

GPT Header Contains 128 partition entries starting at LBA 2

GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254

Backup GPT header Revision 65536 Size 92 CRC 1864972104

Backup GPT header CurrentLba = 1565565871 BackupLba 1

Backup GPT header FirstUsableLba 34 LastUsableLba 1565565838

Backup GPT header Guid d2691329-c20a-4196-a4ab-ee7b707b865a

Backup GPT header Contains 128 partition entries starting at LBA 1565565839

Backup GPT header Partition entry size = 128

GPT header and Backup GPT header have conflicting data

Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae

Partition ID 8f3b4483-cc91-4876-bb70-9bc11b3a50d4

FirstLBA 34 Last LBA 262177

Attributes 0

Partition Name

Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

Partition ID c1e5ce23-25bb-440e-9588-2ee27c97079

FirstLBA 262656 Last LBA 5860530467

Attributes 0

Partition Name Basic data partition

Disk Size: 3000592982016 bytes

Sector size: 512 bytes

Physical Sector Size: 512

Drive: 4, DevicePointer: 0xfffffa800c28a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800c28a980, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xfffffa800c28ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800c28a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800aff3940, DeviceName: Unknown, DriverName: \Driver\vidsflt53\

DevicePointer: 0xfffffa800acde050, DeviceName: \Device\Scsi\mv91xx1Port2Path0Target1Lun0\, DriverName: \Driver\mv91xx\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\

Upper DeviceData: 0xfffff8a020629ae0, 0xfffffa800c28a060, 0xfffffa80116ba790

Lower DeviceData: 0xfffff8a000493510, 0xfffffa800acde050, 0xfffffa800f637190

Drive 4

Scanning MBR on drive 4...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: E450B253

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 234231808

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Read File: File "c:\ProgramData\AVG2013\chjw\4b413cdb413bfda.dat" is sparse (flags = 32768)

Read File: File "c:\Users\Kyle Winninghoff\AppData\Local\Avg2013\log\avgual.2013-03-28.log" is compressed (flags = 1)

Read File: File "c:\Users\Kyle Winninghoff\AppData\Local\Avg2013\log\avgual.2013-03-30.log" is compressed (flags = 1)

Read File: File "c:\Users\Kyle Winninghoff\AppData\Local\Avg2013\log\avgual.2013-04-01.log" is compressed (flags = 1)

Read File: File "c:\Users\Kyle Winninghoff\AppData\Local\Avg2013\log\avgual.2013-04-02.log" is compressed (flags = 1)

Read File: File "c:\Users\Kyle Winninghoff\AppData\Local\Avg2013\log\avgual.2013-03-28.log" is compressed (flags = 1)

Read File: File "c:\Users\Kyle Winninghoff\AppData\Local\Avg2013\log\avgual.2013-03-30.log" is compressed (flags = 1)

Read File: File "c:\Users\Kyle Winninghoff\AppData\Local\Avg2013\log\avgual.2013-04-01.log" is compressed (flags = 1)

Read File: File "c:\Users\Kyle Winninghoff\AppData\Local\Avg2013\log\avgual.2013-04-02.log" is compressed (flags = 1)

Done!

Scan finished

=======================================


  • Staff

That's good to hear. There are just a couple more scans I'd like to run in case there are any residual leftovers.

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your Malwarebytes Anti-Malware program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


Sorry it took me a bit to respond.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by Kyle Winninghoff on Sun 05/19/2013 at 13:54:30.79

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnu.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll"

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt"

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll"

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.xpt"

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.1049.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.1049.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"

~~~ FireFox

Successfully deleted: [File] C:\Users\Kyle Winninghoff\AppData\Roaming\mozilla\firefox\profiles\q9awmc5p.default-1347400038011\user.js

Successfully deleted the following from C:\Users\Kyle Winninghoff\AppData\Roaming\mozilla\firefox\profiles\q9awmc5p.default-1347400038011\prefs.js

user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=");

Emptied folder: C:\Users\Kyle Winninghoff\AppData\Roaming\mozilla\firefox\profiles\q9awmc5p.default-1347400038011\minidumps [37 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 05/19/2013 at 13:56:46.01

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.301 - Logfile created 05/19/2013 at 14:03:39

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Kyle Winninghoff - KYLEWINNINGHOFF

# Boot Mode : Normal

# Running from : C:\Users\Kyle Winninghoff\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Kyle Winninghoff\AppData\Roaming\Mozilla\Firefox\Profiles\q9awmc5p.default-1347400038011\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [1988 octets] - [19/05/2013 14:03:39]

########## EOF - C:\AdwCleaner[s1].txt - [2048 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.19.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kyle Winninghoff :: KYLEWINNINGHOFF [administrator]

5/19/2013 2:10:08 PM

mbam-log-2013-05-19 (14-10-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 240670

Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

(ESETSCAN):

C:\Users\Kyle Winninghoff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4ae2f8a-7d255d19 a variant of Java/JShrink.A application

C:\Users\Kyle Winninghoff\Downloads\DriverSweeper_3.2.0.exe Win32/OpenCandy application


  • Staff

Looks good,

C:\Users\Kyle Winninghoff\Downloads\DriverSweeper_3.2.0.exe <- this installer is bundled with adware so if you no longer need it then you can right click and delete it.

The other detection is in Java cache which we will clean up now,

please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version XI)

Having the latest updates ensures there are no security vulnerabilities in your system.

Decline any additional installs that may be offered.

NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u21
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u21-windows-i586.exe to install the newest version.
  • Decline any additional installs that may be offered.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked

      • Trace and Log Files
      • Cached Applications and Applets

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

NEXT

Please advise how the computer is running now and if there are any outstanding issues


K got rid of C:\Users\Kyle Winninghoff\Downloads\DriverSweeper_3.2.0.exe, and updated Adobe Reader and Java.

As a question my Add Remove said I was already using Java 7 u21, so I just removed that and as far as I can tell reinstalled it, was there some other older version hiding somewhere beyond the add remove list that you saw in a log that you wanted me to get rid of?

My computer seems to be running at the same level as it was before I made the original post at this point.


  • Staff

The installed programs list didn't show your Java version but one of the entries indicated jre6 in one of the BHO plug-ins, if it's not showing, then nothing to be concerned about.

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

We just have some housekeeping to do now, please run the following:

You can delete the DDS, JRT, FRST and MBAR logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop

    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

    PC Safety and Security--What Do I Need?.

  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
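
The check described in the reply above (a BHO entry that still points at a `jre6` DLL that is no longer on disk, shown in the log as "No File") can be repeated locally. The PowerShell below is an added example, not part of the original post or of any tool used in this thread; it assumes a 64-bit PowerShell session on 64-bit Windows, reads the standard BHO and CLSID registry locations, and changes nothing.

```powershell
# Added example: list Browser Helper Objects and flag registrations whose DLL is
# missing (what the log above reports as "No File"). Read-only.
# Assumption: run from 64-bit PowerShell on 64-bit Windows.
$views = @(
    @{ Name = '64-bit'; Root = 'HKLM:\SOFTWARE' },
    @{ Name = '32-bit'; Root = 'HKLM:\SOFTWARE\Wow6432Node' }
)
$bhoSubKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

$results = foreach ($view in $views) {
    $bhoKey = Join-Path $view.Root $bhoSubKey
    if (-not (Test-Path -LiteralPath $bhoKey)) { continue }

    foreach ($entry in Get-ChildItem -LiteralPath $bhoKey) {
        $clsid     = $entry.PSChildName
        $clsKey    = Join-Path $view.Root "Classes\CLSID\$clsid"
        $serverKey = Join-Path $clsKey 'InprocServer32'

        # The default value of the CLSID key is the display name; the default
        # value of InprocServer32 is the DLL that the browser loads.
        $name = $null
        $dll  = $null
        if (Test-Path -LiteralPath $clsKey) {
            $name = (Get-Item -LiteralPath $clsKey).GetValue('')
        }
        if (Test-Path -LiteralPath $serverKey) {
            $dll = (Get-Item -LiteralPath $serverKey).GetValue('')
        }
        if ($dll) {
            $dll = $dll.Trim('"')
            # 32-bit components that name System32 are really loaded from SysWOW64.
            if ($view.Name -eq '32-bit') {
                $dll = $dll -ireplace [regex]::Escape("$env:windir\System32"), "$env:windir\SysWOW64"
            }
        }

        if (-not $dll) {
            $status = 'No InprocServer32'
        } elseif (Test-Path -LiteralPath $dll -PathType Leaf) {
            $status = 'OK'
        } else {
            $status = 'No File'
        }

        [pscustomobject]@{
            View = $view.Name; CLSID = $clsid; Name = $name; Dll = $dll; Status = $status
        }
    }
}

$results | Sort-Object Status, View | Format-Table -AutoSize -Wrap
```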


K cleared out all the programs you had me run during this and ran TFC.

Out of curiosity since I am a novice at looking through the logs from all these scans/tools you had me run I was wondering if my machine was actually infected with anything specific that just got past my existing protection, or was it just infested with tons of stuff suggesting that I need to vastly improve the way I interact with the internet.

And thanks a lot for taking the time to run me through all these steps to get my PC back to working condition, an unplanned forced reformat is one of the things I try to avoid like the plague.


  • Staff

Nothing too terrible, mostly adware and unwanted junk, a lot of these programs and files piggy back on with legitimate downloads, so there really is no way of avoiding it, you just have to be careful what you download and click on.

Make sure when you are installing anything that you always observe the installation and "opt out" of any additional installs such as "tool bars" and the like.

This topic is now closed to further replies.