Infected with Rootkit.pihar.c.mbr need help

mdbell16 · July 21, 2013

I've been fighting this on my laptop for two days, need help. Laptop only boots in Safe mode and network connectivity is dead, I have to use another PC and USB to move programs/reports. Can't update the anti-virus but signatures are current as of 7/17/13. AVG detects it as: Trojan.agent, Malwarebytes detects it also but it keeps coming back. Tried to run the Beta MBAR but it came back after identifying rootkit.pihar.c.mbr as the culprit. Here are the results of DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.17.2
Run by Admin at 8:16:05 on 2013-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.2414 [GMT -5:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
uRun: [searchProtect] C:\Users\Admin\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [GoogleChromeAutoLaunch_68486C93B827CA2C6824B95048E28803] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Google Update] "C:\Users\Donald\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [spUninstallDeleteDir] rmdir /s /q "C:\Users\Admin\AppData\Roaming\SearchProtect"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [spUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [ (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: Interfaces\{C0811CFD-C692-43AF-9AC7-1B25564899E9}\2375942554032363 : NameServer = 4.2.2.2
TCP: Interfaces\{C0811CFD-C692-43AF-9AC7-1B25564899E9}\2375942554032363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C0811CFD-C692-43AF-9AC7-1B25564899E9}\24E435C416B65665965677 : NameServer = 4.2.2.2
TCP: Interfaces\{C0811CFD-C692-43AF-9AC7-1B25564899E9}\24E435C416B65665965677 : DHCPNameServer = 207.70.172.240
TCP: Interfaces\{C0811CFD-C692-43AF-9AC7-1B25564899E9}\3627F677E6F573 : NameServer = 4.2.2.2
TCP: Interfaces\{C0811CFD-C692-43AF-9AC7-1B25564899E9}\3627F677E6F573 : DHCPNameServer = 12.127.17.71 10.0.0.4 10.0.0.4
TCP: Interfaces\{C0811CFD-C692-43AF-9AC7-1B25564899E9}\8416269647164702355796475637F513F513 : NameServer = 4.2.2.2
TCP: Interfaces\{C0811CFD-C692-43AF-9AC7-1B25564899E9}\8416269647164702355796475637F513F513 : DHCPNameServer = 192.168.88.1
TCP: Interfaces\{C0811CFD-C692-43AF-9AC7-1B25564899E9}\A6F65623963716961686 : NameServer = 4.2.2.2
TCP: Interfaces\{C0811CFD-C692-43AF-9AC7-1B25564899E9}\A6F65623963716961686 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MRT] "C:\Windows\System32\MRT.exe" /R
x64-RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
x64-RunOnce: [GrpConv] grpconv -o
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: avgwlx64 - avgwlx64.dll
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-28 56336]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-4 45856]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-3 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-5-3 393728]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-7-10 214040]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-7-10 2045464]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-25 1153368]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-7-4 1598128]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-5-28 172704]
S3 H5xUSB;Roxio GameCAP HD PRO;C:\Windows\System32\drivers\uth5x64.sys [2012-8-2 101632]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-7-21 36680]
S3 mbamswissarmy;mbamswissarmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2013-7-21 162008]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
S3 RoxMediaDBGame1X;RoxMediaDBGame1X;C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [2012-8-2 1095824]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-15 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-1 1255736]
S4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
S4 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [2012-4-23 14336]
S4 iRacingService;iRacing.com Helper Service;C:\Program Files (x86)\iRacing\iRacingService.exe [2012-7-22 521896]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]
S4 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]
S4 RsFx0102;RsFx0102 Driver;C:\Windows\System32\drivers\RsFx0102.sys [2008-7-10 314904]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-28 660800]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
.
=============== Created Last 30 ================
.
2013-07-21 13:01:02 287304 ----a-w- C:\Windows\System32\drivers\TrufosAlt.sys
2013-07-21 10:48:33 162008 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys
2013-07-21 10:48:33 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-21 10:48:16 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-07-20 21:32:50 -------- d-sh--w- C:\found.001
2013-07-20 20:50:40 -------- d-----w- C:\Users\Admin\AppData\Local\Diagnostics
2013-07-20 19:26:59 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-07-20 19:26:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-20 19:26:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-20 19:26:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 19:26:35 -------- d-----w- C:\Users\Admin\AppData\Local\Programs
2013-07-20 19:13:04 -------- d-----w- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2013-07-20 19:06:51 -------- d-----w- C:\Users\Admin\AppData\Local\CrashDumps
2013-07-20 18:17:58 -------- d-----w- C:\Users\Admin\AppData\Roaming\AVG2013
2013-07-20 18:17:46 -------- d-----w- C:\Users\Admin\AppData\Local\Avg2013
.
==================== Find3M ====================
.
2013-07-04 08:11:45 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-23 08:07:30 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
============= FINISH: 8:20:22.73 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/24/2010 11:38:51 AM
System Uptime: 7/21/2013 7:54:38 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2294/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 17.354 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
RP390: 7/20/2013 3:53:56 PM - Removed Internet Explorer Toolbar 4.8 by SweetPacks
RP391: 7/20/2013 3:56:12 PM - Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
RP392: 7/20/2013 8:39:43 PM - Windows Update
.
==== Installed Programs ======================
.
Tools for .Net 3.5
Update for Microsoft Office 2007 (KB2508958)
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 8.0
Adobe Reader 9.5.1
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.3
AVG 2013
Compatibility Pack for the 2007 Office system
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Communications (Support Software)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
DHTML Editing Component
DirectX 9 Runtime
Dotfuscator and Analytics Community Edition
Dragon NaturallySpeaking 11
Driver Install 64-Bit
Duplicate Cleaner 2.1b
EZ Grabber
Fantapper Updater
ffdshow [rev 3222] [2010-01-23]
FirstRowSportApp
FlipShare
Free RAR Extract Frog
Free Video Flip and Rotate version 1.8.10
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
GoToAssist 8.0.0.514
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iRacing.com Race Simulation
iTunes
Java 7 Update 17
Java Auto Updater
Java 6 Update 18 (64-bit)
Java 6 Update 31
Junk Mail filter update
Live! Cam Avatar Creator
LocalESPC
LocalESPCui for en-us
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Application Error Reporting
Microsoft Help Viewer 2.0
Microsoft NuGet - Visual Studio 2012
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2010
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft redistributable runtime DLLs VS2008 SP1(x86)
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Silverlight
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Analysis Services
Microsoft SQL Server 2008 BI Development Studio
Microsoft SQL Server 2008 Client Tools
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Full text search
Microsoft SQL Server 2008 Integration Services
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server PowerPivot for Excel (32-bit)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft Sync Services for ADO.NET v2.0 (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
NASCAR® Racing 2003 Season
Novacomd
Paint.NET v3.5.10
PDFCreator
Picasa 3
Pirate101
PowerDVD DX
PreEmptive Analytics Visual Studio Components
Quickset64
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Burn
Roxio CinePlayer Decoder Pack
Roxio Game Capture HD PRO
Roxio GameCAP HD PRO
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5 (KB2729460)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Toolbars
Skype™ 5.10
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
swMSM
Tournament Scheduler
Traqmate (Driver Removal)
TraqStudio V3.00
Tune Sweeper
Uninstall 1.0.0.1
Update for (KB2504637)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514)
VC80CRTRedist - 8.0.50727.6195
Visual C++ 8.0 Runtime Setup Package (x64)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio Extensions for Windows Library for JavaScript
VLC media player 2.0.1
VP Suite 5.2
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
WildTangent Games
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
WinRAR 4.20 (32-bit)
Xara Photo & Graphic Designer 2013
YTD Video Downloader 4.0
.
==== Event Viewer Messages From Past Week ========
.
7/21/2013 7:59:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/21/2013 7:59:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/21/2013 7:58:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/21/2013 7:58:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/21/2013 7:58:04 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/21/2013 7:58:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/21/2013 7:57:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/21/2013 7:57:17 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/21/2013 7:55:33 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
7/21/2013 7:55:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache papycpu2 papyjoy spldr sptd Wanarpv6
7/21/2013 7:55:14 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2013 7:54:48 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\papyjoy.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/21/2013 7:54:48 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\papycpu2.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/21/2013 7:54:43 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
7/21/2013 7:54:08 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
7/21/2013 7:54:08 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.
7/21/2013 7:54:06 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
7/21/2013 7:54:04 AM, Error: Service Control Manager [7024] - The Network Location Awareness service terminated with service-specific error %%-1073610704.
7/21/2013 7:54:04 AM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
7/21/2013 7:54:04 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service has not been started.
7/21/2013 7:54:04 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The operation completed successfully.
7/21/2013 7:54:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/21/2013 7:53:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: papycpu2 papyjoy
7/21/2013 7:53:59 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: A system shutdown is in progress.
7/21/2013 7:53:39 AM, Error: Service Control Manager [7001] - The SQL Server Agent (MSSQLSERVER) service depends on the SQL Server (MSSQLSERVER) service which failed to start because of the following error: The service did not start due to a logon failure.
7/21/2013 7:53:37 AM, Error: Service Control Manager [7038] - The ReportServer service was unable to log on as .\Mike with the currently configured password due to the following error: %%-532459699 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/21/2013 7:53:37 AM, Error: Service Control Manager [7038] - The MSSQLServerOLAPService service was unable to log on as .\Mike with the currently configured password due to the following error: %%-532459699 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/21/2013 7:53:37 AM, Error: Service Control Manager [7038] - The MSSQLSERVER service was unable to log on as .\Mike with the currently configured password due to the following error: %%-532459699 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/21/2013 7:53:37 AM, Error: Service Control Manager [7038] - The MsDtsServer100 service was unable to log on as .\Mike with the currently configured password due to the following error: %%-532459699 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/21/2013 7:53:37 AM, Error: Service Control Manager [7000] - The SQL Server Reporting Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
7/21/2013 7:53:37 AM, Error: Service Control Manager [7000] - The SQL Server Integration Services 10.0 service failed to start due to the following error: The service did not start due to a logon failure.
7/21/2013 7:53:37 AM, Error: Service Control Manager [7000] - The SQL Server Analysis Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
7/21/2013 7:53:37 AM, Error: Service Control Manager [7000] - The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
7/21/2013 7:53:37 AM, Error: LsaSrv [5000] - The security package Negotiate generated an exception. The exception information is the data.
7/21/2013 5:30:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache papycpu2 papyjoy spldr Wanarpv6
7/20/2013 9:36:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service lltdsvc with arguments "" in order to run the server: {5BF9AA75-D7FF-4AEE-AA2C-96810586456D}
7/20/2013 9:32:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service.
7/20/2013 9:32:03 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
7/20/2013 9:25:45 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/20/2013 9:24:39 PM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: A system shutdown is in progress.
7/20/2013 9:15:46 PM, Error: Service Control Manager [7034] - The Fantapper Player Update Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2013 9:06:34 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The operation completed successfully.
7/20/2013 9:06:34 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
7/20/2013 9:06:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
7/20/2013 9:06:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/20/2013 9:06:28 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/20/2013 9:04:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/20/2013 9:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/20/2013 9:04:19 PM, Error: Service Control Manager [7022] - The Fantapper Player Update Service service hung on starting.
7/20/2013 3:53:37 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
7/20/2013 3:42:57 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/20/2013 3:24:18 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2013 3:05:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/20/2013 3:05:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy papycpu2 papyjoy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf
7/20/2013 3:05:00 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2013 3:05:00 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2013 3:05:00 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2013 3:05:00 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2013 3:05:00 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2013 3:05:00 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2013 3:04:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2013 3:04:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2013 3:04:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2013 3:04:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2013 2:08:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/20/2013 1:52:22 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/20/2013 1:16:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/17/2013 10:56:51 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
7/17/2013 10:56:51 AM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x8007045B: A system shutdown is in progress.
.
==== End Of File ===========================

MrCharlie · July 21, 2013

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

mdbell16 · July 21, 2013

Here are the results of RK:

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Admin [Admin rights]
Mode : Scan -- Date : 07/21/2013 08:41:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Admin\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2653104385-454576173-445973913-1010\[...]\Run : SearchProtect (C:\Users\Admin\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\RunOnce : SpUninstallDeleteDir (rmdir /s /q "C:\Users\Admin\AppData\Roaming\SearchProtect" [x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2653104385-454576173-445973913-1010\[...]\RunOnce : SpUninstallDeleteDir (rmdir /s /q "C:\Users\Admin\AppData\Roaming\SearchProtect" [x]) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [x][7][x][-]) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2565GSX +++++
--- User ---
[MBR] a5e0780384e0a8d03dadc635d92fe18f
[bSP] 694dee98641478a77e169abb713805b6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA MK2565GSX +++++
--- User ---
[MBR] 69dbf66c6093997061843416cf585d90
[bSP] a83a24340e59ea8cbbf2d8eaa19e98b0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3804 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07212013_084125.txt >>

MrCharlie · July 21, 2013

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

How To Run TDSSKiller

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
If in doubt about an entry....please ask or choose Skip
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC

mdbell16 · July 21, 2013

System won't come up after reboot (can only login using safe mode). When I repeat the steps and do an F8 to come up in safe mode then TDSSKiller does not automatically launch and when I manually launch it the "loaded modules" box is not checked. Ideas?

MrCharlie · July 21, 2013

See if you can do this:

Please download Farbar Recovery Scan Tool and save it to a folder. (32bit version)

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

MrC

mdbell16 · July 21, 2013

Disregards my previous post, I was able to select "loaded modules" and then the other two options and start the scan. Results of three log files are below:

First log file: Too long, see attached (294Kb)

Second log file:

09:27:51.0454 1776 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
09:27:51.0922 1776 ============================================================
09:27:51.0922 1776 Current date / time: 2013/07/21 09:27:51.0922
09:27:51.0922 1776 SystemInfo:
09:27:51.0922 1776
09:27:51.0922 1776 OS Version: 6.1.7601 ServicePack: 1.0
09:27:51.0922 1776 Product type: Workstation
09:27:51.0922 1776 ComputerName: HOMELAPTOP
09:27:51.0922 1776 UserName: Admin
09:27:51.0922 1776 Windows directory: C:\Windows
09:27:51.0922 1776 System windows directory: C:\Windows
09:27:51.0922 1776 Running under WOW64
09:27:51.0922 1776 Processor architecture: Intel x64
09:27:51.0922 1776 Number of processors: 2
09:27:51.0922 1776 Page size: 0x1000
09:27:51.0922 1776 Boot type: Safe boot with network
09:27:51.0922 1776 ============================================================
09:27:52.0639 1776 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:27:52.0639 1776 Drive \Device\Harddisk1\DR1 - Size: 0xEE377E00 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:27:52.0639 1776 ============================================================
09:27:52.0639 1776 \Device\Harddisk0\DR0:
09:27:52.0639 1776 MBR partitions:
09:27:52.0639 1776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
09:27:52.0639 1776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
09:27:52.0639 1776 \Device\Harddisk1\DR1:
09:27:52.0639 1776 MBR partitions:
09:27:52.0639 1776 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x76E366
09:27:52.0639 1776 ============================================================
09:27:52.0686 1776 C: <-> \Device\Harddisk0\DR0\Partition2
09:27:52.0686 1776 ============================================================
09:27:52.0686 1776 Initialize success
09:27:52.0686 1776 ============================================================
09:27:59.0207 1772 Deinitialize success

Third log file:

09:19:16.0542 1868 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
09:19:16.0683 1868 ============================================================
09:19:16.0683 1868 Current date / time: 2013/07/21 09:19:16.0683
09:19:16.0683 1868 SystemInfo:
09:19:16.0683 1868
09:19:16.0683 1868 OS Version: 6.1.7601 ServicePack: 1.0
09:19:16.0683 1868 Product type: Workstation
09:19:16.0683 1868 ComputerName: HOMELAPTOP
09:19:16.0683 1868 UserName: Admin
09:19:16.0683 1868 Windows directory: C:\Windows
09:19:16.0683 1868 System windows directory: C:\Windows
09:19:16.0683 1868 Running under WOW64
09:19:16.0683 1868 Processor architecture: Intel x64
09:19:16.0683 1868 Number of processors: 2
09:19:16.0683 1868 Page size: 0x1000
09:19:16.0683 1868 Boot type: Safe boot with network
09:19:16.0683 1868 ============================================================
09:19:17.0135 1868 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:19:17.0135 1868 Drive \Device\Harddisk1\DR5 - Size: 0xEE377E00 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:19:17.0135 1868 ============================================================
09:19:17.0135 1868 \Device\Harddisk0\DR0:
09:19:17.0135 1868 MBR partitions:
09:19:17.0135 1868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
09:19:17.0135 1868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
09:19:17.0135 1868 \Device\Harddisk1\DR5:
09:19:17.0135 1868 MBR partitions:
09:19:17.0135 1868 \Device\Harddisk1\DR5\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x76E366
09:19:17.0135 1868 ============================================================
09:19:17.0166 1868 C: <-> \Device\Harddisk0\DR0\Partition2
09:19:17.0166 1868 ============================================================
09:19:17.0166 1868 Initialize success
09:19:17.0166 1868 ============================================================
09:19:30.0738 0996 Deinitialize success

TDSSKiller.2.8.18.0_21.07.2013_09.33.40_log.txt

MrCharlie · July 21, 2013

Doesn't seem to be a problem, can you post the logs from MBAR that shows the infection.

MrC

mdbell16 · July 21, 2013

Here is the MBAR log file from yesterday, the biggest symptom is that I cannot log into the laptop after a normal boot - it says bad password. Have to boot in safe mode, same password works but then there is no network connection. Lots of popup warnings and when you try to uninstall apps in control panel it says you don't have sufficient rights even though logged in as admin.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16618
Admin :: HOMELAPTOP [administrator]

7/20/2013 2:27:21 PM
MBAM-log-2013-07-20 (14-52-37).txt

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 624 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE (PUP.PlayBryte) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte|Publisher (PUP.PlayBryte) -> Data: Playbryte -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Donald\AppData\Local\Temp\0.6271810077850491 (Trojan.Happili) -> No action taken.
C:\Users\Donald\AppData\Local\Temp\0.8054548470430521 (Rootkit.0Access) -> No action taken.
C:\Users\Mike\AppData\Local\Temp\err.log1129400 (Trojan.Agent) -> No action taken.
C:\Users\Donald\AppData\Local\Temp\is259369358\PricePeepInstaller.exe (Adware.Shopper) -> No action taken.
C:\Users\Donald\Downloads\fl studio setup.exe (PUP.AdBundle) -> No action taken.
C:\Users\Donald\Downloads\winrar setup.exe (PUP.AdBundle) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

mdbell16 · July 21, 2013

Sorry, that was the MBAM log, here is the MBAR:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

www.malwarebytes.org

Database version: v2013.06.01.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 10.0.9200.16618

Admin :: HOMELAPTOP [administrator]

7/21/2013 5:48:39 AM

mbar-log-2013-07-21 (05-48-39).txt

Scan type: Quick scan

Scan options disabled: PUP

Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.

Objects scanned: 387610

Time elapsed: 2 hour(s), 3 minute(s), 22 second(s)

Memory Processes Detected: 1

c:\Windows\svchost.exe (Trojan.Agent) -> 1312 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

c:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

Physical Sectors Detected: 3

Physical Sector #54 on Drive #0 (Rootkit.Pihar.c.MBR) -> Replace on reboot.

Master Boot Record on Drive #0 (Rootkit.Pihar.c.MBR) -> Replace on reboot.

Physical Sector #488396880 on Drive #0 (Forged physical sector) -> Replace on reboot.

(end)

MrCharlie · July 21, 2013

Please download Farbar Recovery Scan Tool and save it to a folder. (64bit version)

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

MrC

mdbell16 · July 21, 2013

Here are the two files from the FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by Admin (administrator) on 21-07-2013 10:06:09
Running from C:\Users\Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\helppane.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [MRT] - C:\Windows\system32\MRT.exe [78185248 2013-07-20] (Microsoft Corporation)
HKLM\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [18240 2010-01-22] (Dell)
HKLM\...\Runonce: [GrpConv] - grpconv -o [x]
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Softthinks)
HKLM-x32\...\Runonce: [spUninstallCleanUp] - REG delete HKEY_CURRENT_USER\Software\SearchProtect /f [x]
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKLM-x32\...\Runonce: [ (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [x]
HKLM-x32\...\Runonce: [D2D2261C-3262-442E-8184-96D66FBEEC07] - cmd.exe /C start /D "C:\Users\Admin\AppData\Local\Temp" /B D2D2261C-3262-442E-8184-96D66FBEEC07.exe -activeimages -postboot [x]
HKLM-x32\...\Runonce: [ACED6B66-4B94-4CA2-9CC1-7D770F844245] - cmd.exe /C start /D "C:\Users\Admin\AppData\Local\Temp" /B ACED6B66-4B94-4CA2-9CC1-7D770F844245.exe -activeimages -postboot [x]
Winlogon\Notify\avgwlx64: avgwlx64.dll [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKCU\...\Run: [searchProtect] - C:\Users\Admin\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [19676256 2013-06-06] (Google)
HKCU\...\Run: [GoogleChromeAutoLaunch_68486C93B827CA2C6824B95048E28803] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288 2013-07-03] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Donald\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-11] (Google Inc.)
HKCU\...\Runonce: [spUninstallDeleteDir] - rmdir /s /q "C:\Users\Admin\AppData\Roaming\SearchProtect" [x]
HKLM-x32\...\Run: [PDVDDXSrv] - "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296096 2012-08-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [searchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [x]
HKLM-x32\...\Run: [iSUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] - "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-12-15] ()
HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [DellComms] - "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms [206064 2009-05-05] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\CBS\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKU\CBS\...\Run: [searchProtect] - C:\Users\CBS\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKU\Donald\...\Run: [GoogleChromeAutoLaunch_68486C93B827CA2C6824B95048E28803] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [846288 2013-07-03] (Google Inc.)
HKU\Donald\...\Run: [Google Update] - "C:\Users\Donald\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-11] (Google Inc.)
HKU\Donald\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [x]
HKU\Donald\...\Run: [searchProtect] - C:\Users\Donald\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKU\Mike\...\Run: [iSUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
HKU\Mike\...\Run: [searchProtect] - C:\Users\Mike\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKU\Mike\...\Winlogon: [shell]
Startup: C:\Users\CBS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {FD110E17-F050-4B5C-B16F-EFFF33BDB9A5} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={73C6B2C9-C0CD-11E2-860A-A4BADBC79A21}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {6A9D9E48-CCE0-4EA1-B1AA-C60FB1516B0E} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={73C6B2C9-C0CD-11E2-860A-A4BADBC79A21}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={01C9BE54-3E1A-4928-812D-E08C6D04C33C}&mid=a36b32fbebdd241238b0e48f09cd0040-5fd6d9346e18916724bf39869d9b801302ab2b57〈=us&ds=AVG&pr=fr&d=2011-12-14 20:05:47&v=11.1.0.12&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={01C9BE54-3E1A-4928-812D-E08C6D04C33C}&mid=a36b32fbebdd241238b0e48f09cd0040-5fd6d9346e18916724bf39869d9b801302ab2b57〈=us&ds=AVG&pr=fr&d=2011-12-14 20:05:47&v=11.1.0.12&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll No File
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll No File
DPF: HKLM-x32 {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cio-chime.webex.com/client/T27LD/nbr/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)

==================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1342024 2012-12-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2010-09-17] ()
S4 FTSvc; C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [14336 2012-04-23] (Brand Affinity Technologies)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S4 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [521896 2012-08-04] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
S2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [214040 2008-07-10] (Microsoft Corporation)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [57820696 2008-07-10] (Microsoft Corporation)
S2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [43709464 2008-07-10] (Microsoft Corporation)
S4 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [71168 2011-03-15] (Palm)
S2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2045464 2008-07-10] (Microsoft Corporation)
S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1095824 2012-08-02] (Corel Corporation)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-10] (Microsoft Corporation)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-04] (AVG Secure Search)
S4 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-16] ()
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
S3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.MSSQLSERVER [x]

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-04] (AVG Technologies)
S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [101632 2012-08-02] (UT)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-07-21] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-07-21] ()
S3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-07-21] (Malwarebytes Corporation)
S3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-07-21] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-03-07] ()
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S0x01000000 papycpu2; \SystemRoot\System32\DRIVERS\papycpu2.sys [x]
S0x01000000 papyjoy; \SystemRoot\System32\DRIVERS\papyjoy.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-21 10:06 - 2013-07-21 10:06 - 00000000 ____D C:\FRST
2013-07-21 10:05 - 2013-07-21 10:03 - 01779345 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2013-07-21 09:19 - 2013-07-21 09:15 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe
2013-07-21 08:41 - 2013-07-21 08:41 - 00003314 _____ C:\Users\Admin\Desktop\RKreport[0]_S_07212013_084125.txt
2013-07-21 08:39 - 2013-07-21 08:41 - 00000000 ____D C:\Users\Admin\Desktop\RK_Quarantine
2013-07-21 08:39 - 2013-07-21 08:36 - 03778560 _____ C:\Users\Admin\Desktop\RogueKillerX64.exe
2013-07-21 08:20 - 2013-07-21 08:20 - 00031426 _____ C:\Users\Admin\Desktop\attach.txt
2013-07-21 08:20 - 2013-07-21 08:20 - 00019955 _____ C:\Users\Admin\Desktop\dds.txt
2013-07-21 08:14 - 2013-07-21 08:11 - 00688992 ____R (Swearware) C:\Users\Admin\Desktop\dds.com
2013-07-21 08:01 - 2013-07-21 08:01 - 00287304 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\TrufosAlt.sys
2013-07-21 08:00 - 2012-04-12 14:51 - 10718472 _____ (BitDefender LLC) C:\Users\Admin\Desktop\1334231482_BDRemoval_Tool_AntiBootkit_x64.exe
2013-07-21 05:48 - 2013-07-21 07:52 - 00000000 ____D C:\Users\Admin\Desktop\mbar
2013-07-21 05:48 - 2013-07-21 07:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-21 05:48 - 2013-07-21 05:48 - 00162008 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-21 05:48 - 2013-07-21 05:48 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-07-21 05:47 - 2013-07-21 05:42 - 13399154 _____ C:\Users\Admin\Desktop\mbar-1.06.0.1004.zip
2013-07-20 17:38 - 2013-07-20 17:38 - 00000000 ____D C:\Users\Admin\Desktop\rkill
2013-07-20 17:37 - 2013-07-20 17:51 - 00003542 _____ C:\Users\Admin\Desktop\Rkill.txt
2013-07-20 17:37 - 2013-07-20 17:33 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.com
2013-07-20 16:35 - 2013-07-20 16:35 - 00003288 ____N C:\bootsqm.dat
2013-07-20 16:32 - 2013-07-20 16:32 - 00000000 __SHD C:\found.001
2013-07-20 15:44 - 2013-07-20 15:44 - 00002253 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-07-20 15:44 - 2013-07-20 15:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-07-20 14:58 - 2013-07-20 14:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SearchProtect
2013-07-20 14:58 - 2013-07-20 14:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\AVG2013
2013-07-20 14:58 - 2013-07-20 14:58 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg2013
2013-07-20 14:26 - 2013-07-20 14:26 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-20 14:26 - 2013-07-20 14:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-07-20 14:26 - 2013-07-20 14:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-20 14:26 - 2013-07-20 14:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 14:26 - 2013-07-20 14:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-20 14:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-20 14:20 - 2013-07-20 14:19 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Desktop\SpyHunter-Installer.exe
2013-07-20 14:17 - 2013-07-20 14:17 - 00000000 _____ C:\Windows\setuperr.log
2013-07-20 14:08 - 2013-07-20 14:08 - 00000000 ____D C:\Users\Admin\Documents\Visual Studio 2012
2013-07-20 14:06 - 2013-07-20 14:06 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2013-07-20 13:49 - 2013-07-20 13:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WinRAR
2013-07-20 13:18 - 2013-07-21 05:44 - 00000502 _____ C:\Users\Admin\Desktop\avgrep.txt
2013-07-20 13:17 - 2013-07-20 13:18 - 00000000 ____D C:\Users\Admin\AppData\Local\Avg2013
2013-07-20 13:17 - 2013-07-20 13:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AVG2013
2013-07-20 13:15 - 2013-07-20 13:15 - 00000000 ____D C:\Windows\system32\config\mybackup
2013-07-20 12:48 - 2013-07-20 12:48 - 00000000 ____D C:\Users\Admin\AppData\LocalGoogle
2013-07-13 18:13 - 2013-07-13 18:18 - 00000812 _____ C:\Windows\system32\avgrep.txt
2013-06-28 12:16 - 2013-06-28 12:16 - 00000000 ____D C:\Users\Donald\AppData\Local\{4856F6BA-13A0-4BF1-B72E-9E87F90BAAE4}
2013-06-28 00:15 - 2013-06-28 00:16 - 00000000 ____D C:\Users\Donald\AppData\Local\{AAE45FBB-D102-4592-8940-51C2F6657732}
2013-06-27 12:15 - 2013-06-27 12:15 - 00000000 ____D C:\Users\Donald\AppData\Local\{CF43D4FA-AE40-427E-B815-0121CE587F93}
2013-06-27 00:14 - 2013-06-27 00:14 - 00000000 ____D C:\Users\Donald\AppData\Local\{3695C97B-07F4-49FA-8FF8-2D1666C3481E}
2013-06-26 12:14 - 2013-06-26 12:14 - 00000000 ____D C:\Users\Donald\AppData\Local\{44EE2CF4-F977-491F-AD5B-F35C17658455}
2013-06-26 00:13 - 2013-06-26 00:13 - 00000000 ____D C:\Users\Donald\AppData\Local\{413C3619-1972-4B2E-B030-EE0F74AA807A}

==================== One Month Modified Files and Folders =======

2013-07-21 10:06 - 2013-07-21 10:06 - 00000000 ____D C:\FRST
2013-07-21 10:03 - 2013-07-21 10:05 - 01779345 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2013-07-21 09:22 - 2013-05-18 11:57 - 00000394 _____ C:\Windows\Tasks\Sing Along Update.job
2013-07-21 09:22 - 2011-10-10 07:01 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-21 09:21 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 09:21 - 2009-07-13 23:51 - 00097148 _____ C:\Windows\setupact.log
2013-07-21 09:15 - 2013-07-21 09:19 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe
2013-07-21 08:41 - 2013-07-21 08:41 - 00003314 _____ C:\Users\Admin\Desktop\RKreport[0]_S_07212013_084125.txt
2013-07-21 08:41 - 2013-07-21 08:39 - 00000000 ____D C:\Users\Admin\Desktop\RK_Quarantine
2013-07-21 08:36 - 2013-07-21 08:39 - 03778560 _____ C:\Users\Admin\Desktop\RogueKillerX64.exe
2013-07-21 08:20 - 2013-07-21 08:20 - 00031426 _____ C:\Users\Admin\Desktop\attach.txt
2013-07-21 08:20 - 2013-07-21 08:20 - 00019955 _____ C:\Users\Admin\Desktop\dds.txt
2013-07-21 08:11 - 2013-07-21 08:14 - 00688992 ____R (Swearware) C:\Users\Admin\Desktop\dds.com
2013-07-21 08:01 - 2013-07-21 08:01 - 00287304 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\TrufosAlt.sys
2013-07-21 07:52 - 2013-07-21 05:48 - 00000000 ____D C:\Users\Admin\Desktop\mbar
2013-07-21 07:52 - 2013-07-21 05:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-21 05:48 - 2013-07-21 05:48 - 00162008 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-21 05:48 - 2013-07-21 05:48 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-07-21 05:46 - 2012-07-04 15:31 - 00132576 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 05:44 - 2013-07-20 13:18 - 00000502 _____ C:\Users\Admin\Desktop\avgrep.txt
2013-07-21 05:42 - 2013-07-21 05:47 - 13399154 _____ C:\Users\Admin\Desktop\mbar-1.06.0.1004.zip
2013-07-21 05:40 - 2009-07-14 00:13 - 00954820 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-20 21:15 - 2010-05-28 09:27 - 01753072 _____ C:\Windows\PFRO.log
2013-07-20 21:06 - 2012-07-04 15:31 - 00000000 ____D C:\Users\Admin\AppData\Local\SoftThinks
2013-07-20 21:06 - 2009-07-14 00:10 - 01353255 _____ C:\Windows\WindowsUpdate.log
2013-07-20 21:06 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 21:06 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 21:04 - 2012-08-22 11:43 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2653104385-454576173-445973913-1013UA.job
2013-07-20 21:02 - 2009-07-14 00:08 - 00032654 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-20 21:00 - 2012-07-04 15:31 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-20 20:44 - 2013-04-05 15:41 - 00000129 _____ C:\Windows\system32\MRT.INI
2013-07-20 20:41 - 2011-10-10 07:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-20 20:40 - 2010-08-06 19:29 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-20 20:34 - 2010-11-13 09:47 - 00000000 ____D C:\ProgramData\MFAData
2013-07-20 20:26 - 2012-09-06 17:53 - 00000000 ____D C:\Program Files (x86)\Playbryte
2013-07-20 17:51 - 2013-07-20 17:37 - 00003542 _____ C:\Users\Admin\Desktop\Rkill.txt
2013-07-20 17:38 - 2013-07-20 17:38 - 00000000 ____D C:\Users\Admin\Desktop\rkill
2013-07-20 17:33 - 2013-07-20 17:37 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.com
2013-07-20 17:00 - 2010-05-28 09:56 - 00000000 ____D C:\dell
2013-07-20 16:35 - 2013-07-20 16:35 - 00003288 ____N C:\bootsqm.dat
2013-07-20 16:32 - 2013-07-20 16:32 - 00000000 __SHD C:\found.001
2013-07-20 15:44 - 2013-07-20 15:44 - 00002253 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-07-20 15:44 - 2013-07-20 15:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-07-20 15:44 - 2012-07-04 15:32 - 00001451 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-20 15:44 - 2012-07-04 15:32 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-20 14:58 - 2013-07-20 14:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SearchProtect
2013-07-20 14:58 - 2013-07-20 14:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\AVG2013
2013-07-20 14:58 - 2013-07-20 14:58 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg2013
2013-07-20 14:58 - 2012-08-08 20:27 - 00000000 ____D C:\Users\Mike\AppData\Local\LogMeIn Hamachi
2013-07-20 14:26 - 2013-07-20 14:26 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-20 14:26 - 2013-07-20 14:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-07-20 14:26 - 2013-07-20 14:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-20 14:26 - 2013-07-20 14:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 14:24 - 2013-07-20 14:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-20 14:19 - 2013-07-20 14:20 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Desktop\SpyHunter-Installer.exe
2013-07-20 14:17 - 2013-07-20 14:17 - 00000000 _____ C:\Windows\setuperr.log
2013-07-20 14:08 - 2013-07-20 14:08 - 00000000 ____D C:\Users\Admin\Documents\Visual Studio 2012
2013-07-20 14:06 - 2013-07-20 14:06 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2013-07-20 13:49 - 2013-07-20 13:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WinRAR
2013-07-20 13:18 - 2013-07-20 13:17 - 00000000 ____D C:\Users\Admin\AppData\Local\Avg2013
2013-07-20 13:17 - 2013-07-20 13:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AVG2013
2013-07-20 13:17 - 2012-07-22 11:33 - 00000000 ____D C:\Users\Donald
2013-07-20 13:15 - 2013-07-20 13:15 - 00000000 ____D C:\Windows\system32\config\mybackup
2013-07-20 13:05 - 2013-05-18 13:41 - 00000000 ____D C:\Users\Donald\AppData\Roaming\AVG2013
2013-07-20 13:05 - 2012-10-23 19:24 - 00000000 ____D C:\Users\CBS
2013-07-20 13:05 - 2012-07-23 12:32 - 00000000 ____D C:\Users\Donald\AppData\Local\LogMeIn Hamachi
2013-07-20 13:05 - 2012-07-04 15:31 - 00000000 ____D C:\Users\Admin
2013-07-20 13:05 - 2010-07-24 11:38 - 00000000 ____D C:\Users\Mike
2013-07-20 13:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-07-20 13:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-20 13:04 - 2013-05-18 12:24 - 00000000 ____D C:\ProgramData\AVG2013
2013-07-20 13:04 - 2011-02-21 15:28 - 00000000 ____D C:\ProgramData\Real
2013-07-20 12:48 - 2013-07-20 12:48 - 00000000 ____D C:\Users\Admin\AppData\LocalGoogle
2013-07-20 12:20 - 2011-04-03 15:33 - 00000000 __SHD C:\Users\Mike\UserData
2013-07-13 18:18 - 2013-07-13 18:13 - 00000812 _____ C:\Windows\system32\avgrep.txt
2013-07-13 18:13 - 2013-05-18 11:58 - 00000000 ____D C:\Users\Donald\AppData\Local\Avg2013
2013-07-12 11:52 - 2013-04-04 18:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 11:52 - 2013-04-04 18:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 11:52 - 2010-05-28 07:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 11:52 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 11:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 11:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 11:52 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-12 03:42 - 2012-07-22 11:34 - 00000000 ____D C:\Users\Donald\AppData\Local\AVG Secure Search
2013-07-11 02:16 - 2012-08-22 11:43 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2653104385-454576173-445973913-1013Core.job
2013-07-04 03:11 - 2013-05-18 14:09 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-04 03:11 - 2012-08-04 20:34 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-04 03:11 - 2011-12-14 21:05 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-28 12:16 - 2013-06-28 12:16 - 00000000 ____D C:\Users\Donald\AppData\Local\{4856F6BA-13A0-4BF1-B72E-9E87F90BAAE4}
2013-06-28 12:16 - 2012-07-28 12:35 - 00000000 ____D C:\Users\Donald\AppData\Local\Windows Live
2013-06-28 00:16 - 2013-06-28 00:15 - 00000000 ____D C:\Users\Donald\AppData\Local\{AAE45FBB-D102-4592-8940-51C2F6657732}
2013-06-27 12:15 - 2013-06-27 12:15 - 00000000 ____D C:\Users\Donald\AppData\Local\{CF43D4FA-AE40-427E-B815-0121CE587F93}
2013-06-27 00:14 - 2013-06-27 00:14 - 00000000 ____D C:\Users\Donald\AppData\Local\{3695C97B-07F4-49FA-8FF8-2D1666C3481E}
2013-06-26 12:14 - 2013-06-26 12:14 - 00000000 ____D C:\Users\Donald\AppData\Local\{44EE2CF4-F977-491F-AD5B-F35C17658455}
2013-06-26 00:13 - 2013-06-26 00:13 - 00000000 ____D C:\Users\Donald\AppData\Local\{413C3619-1972-4B2E-B030-EE0F74AA807A}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 19:57

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2013
Ran by Admin at 2013-07-21 10:08:58
Running from C:\Users\Admin\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Installed Programs =======================

Tools for .Net 3.5 (x32 Version: 3.11.50727)
Update for Microsoft Office 2007 (KB2508958) (x32)
Active@ ISO Burner (x32 Version: 2.1.0)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.1.102.55)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0)
Adobe Reader 9.5.1 (x32 Version: 9.5.1)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0.3 (x32 Version: 2.0.3)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 2013.0.2904)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Cozi (x32 Version: 1.0.4323.24051)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Communications (Support Software) (x32 Version: 1.0.09094)
Dell DataSafe Local Backup - Support Software (x32 Version: 2.41)
Dell DataSafe Local Backup (x32 Version: 9.3.92)
Dell Dock (Version: 2.0)
Dell Dock (x32)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Support Center (Support Software) (x32 Version: 2.5.09100)
Dell Touchpad (Version: 7.1102.115.102)
Dell Webcam Central (x32 Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
DHTML Editing Component (x32 Version: 6.02.0001)
DirectX 9 Runtime (x32 Version: 1.00.0000)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298)
dows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) (Version: 10/09/2009 1.0.1)
Dragon NaturallySpeaking 11 (x32 Version: 11.50.100)
Driver Install 64-Bit (x32 Version: 3.10.607.1)
Duplicate Cleaner 2.1b (x32 Version: 2.1b)
EZ Grabber (x32 Version: 1.00.0000)
Fantapper Updater (x32 Version: 2.0.1)
ffdshow [rev 3222] [2010-01-23] (x32 Version: 1.0.0.3222)
FirstRowSportApp (x32 Version: 2.1 Build 26473)
FlipShare (x32 Version: 5.8.11.0)
Free RAR Extract Frog (x32 Version: 3.22)
Free Video Flip and Rotate version 1.8.10 (x32)
Google Chrome (x32 Version: 28.0.1500.71)
Google Drive (x32 Version: 1.10.4769.632)
Google Earth (x32 Version: 7.0.3.8542)
Google Talk Plugin (x32 Version: 3.19.1.13088)
Google Update Helper (x32 Version: 1.3.21.145)
GoToAssist 8.0.0.514 (x32)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iRacing.com Race Simulation (x32 Version: 1.01.0354)
iTunes (Version: 10.6.1.7)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Java 6 Update 18 (64-bit) (Version: 6.0.180)
Java 6 Update 31 (x32 Version: 6.0.310)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Live! Cam Avatar Creator (x32 Version: 4.6.3009.1)
LocalESPC (x32 Version: 8.59.25584)
LocalESPCui for en-us (x32 Version: 8.59.25584)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (x32 Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (x32 Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727)
Microsoft NuGet - Visual Studio 2012 (x32 Version: 2.0.30625.9003)
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Project MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Project Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 1.2.1)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.50709.17929)
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (x32 Version: 11.0.50709.17929)
Microsoft Project 2010 Service Pack 1 (SP1) (x32)
Microsoft Project Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (x32 Version: 8.0.50727.4053)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (x32 Version: 9.0)
Microsoft Report Viewer Add-On for Visual Studio 2012 (x32 Version: 11.1.2802.16)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Analysis Services (Version: 10.0.1600.22)
Microsoft SQL Server 2008 BI Development Studio (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Client Tools (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Full text search (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Integration Services (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Management Studio (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Reporting Services (Version: 10.0.1600.22)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22)
Microsoft SQL Server 2012 Data-Tier App Framework (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Data-Tier App Framework (x32 Version: 11.0.2316.0)
Microsoft SQL Server 2012 Express LocalDB (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects (x64) (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (Version: 11.0.2100.60)
Microsoft SQL Server 2012 T-SQL Language Service (x32 Version: 11.0.2100.60)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1)
Microsoft SQL Server PowerPivot for Excel (32-bit) (x32 Version: 10.50.1747.0)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1600.1)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1)
Microsoft Sync Services for ADO.NET v2.0 (x64) (Version: 2.0.1215.0)
Microsoft System CLR Types for SQL Server 2012 (x32 Version: 11.0.2100.60)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 Compilers - ENU Resources (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Compilers (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Extended Libraries (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Devenv (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Devenv Resources (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools - ENU (Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools (Version: 11.0.50727)
Microsoft Visual Studio 2012 Preparation (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Resources (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (x32 Version: 4.0.8876.1)
Microsoft Visual Studio Professional 2012 - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 (x32 Version: 11.0.50727.1)
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 (x32 Version: 11.0.50727.1)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (x32 Version: 11.0.50727)
Microsoft Web Deploy dbSqlPackage Provider - enu (x32 Version: 10.3.20225.0)
Microsoft Works (x32 Version: 9.7.0621)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NASCAR® Racing 2003 Season (x32)
Novacomd (Version: 1.0.0.73)
Paint.NET v3.5.10 (Version: 3.60.0)
PDFCreator (x32 Version: 1.2.0)
Picasa 3 (x32 Version: 3.8)
Pirate101 (x32 Version: 1.0.0)
PowerDVD DX (x32 Version: 8.3.6029)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1)
Quickset64 (Version: 9.6.6)
QuickTime (x32 Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.6)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Roxio Burn (x32 Version: 1.01)
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0)
Roxio Game Capture HD PRO (x32 Version: 1.0)
Roxio Game Capture HD PRO (x32 Version: 1.0.135)
Roxio GameCAP HD PRO (x32 Version: 1.00.0000)
Skype Toolbars (x32 Version: 1.0.4036)
Skype™ 5.10 (x32 Version: 5.10.116)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22)
swMSM (x32 Version: 12.0.0.1)
Tournament Scheduler (x32 Version: Free Trial Version 6.1.27)
Traqmate (Driver Removal) (x32)
TraqStudio V3.00 (x32 Version: 3.00)
Tune Sweeper (x32 Version: 2.001)
Uninstall 1.0.0.1 (x32)
Update for (KB2504637) (x32 Version: 1)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Visio 2007 Help (KB963666) (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visual Studio 2012 (KB2781514) (x32 Version: 11.0.50727)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 11.0.200)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2012 Prerequisites - ENU Language Pack (Version: 11.0.50727)
Visual Studio 2012 Prerequisites (Version: 11.0.50727)
Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 1.0.8514.0)
VLC media player 2.0.1 (x32 Version: 2.0.1)
VP Suite 5.2 (x32)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0)
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0)
WCF RIA Services V1.0 SP2 (x32 Version: 4.1.61829.0)
WildTangent Games (x32 Version: 1.0.0.71)
Windows App Certification Kit Native Components (Version: 8.59.25584)
Windows App Certification Kit x64 (x32 Version: 8.59.25584)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Runtime Intellisense Content - en-us (x32 Version: 8.59.25584)
Windows Software Development Kit (x32 Version: 8.59.25584)
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
Xara Photo & Graphic Designer 2013 (Version: 8.1.3.23942)
Xara Photo & Graphic Designer 2013 (x32 Version: 8.1.3.23942)
YTD Video Downloader 4.0 (x32 Version: 4.0)

==================== Restore Points =========================

20-07-2013 20:53:56 Removed Internet Explorer Toolbar 4.8 by SweetPacks
20-07-2013 20:56:12 Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
21-07-2013 01:39:43 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {18FB0FDA-5968-4EEF-A653-1E0D765ACF66} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {2288A28C-0661-4AEF-A1F7-B72AF0B0D4B5} - System32\Tasks\Sing Along Update => C:\Program Files (x86)\SingAlong\SingalngUpdater.exe No File
Task: {3A1E9D3C-CE11-4700-B75A-92529C177670} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2653104385-454576173-445973913-1013 => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {3EBA7259-FBC1-416E-9258-925963DC6E5F} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe No File
Task: {5143ACDF-4D0A-4B06-9D6E-907853F88FC7} - System32\Tasks\{2C61D0B5-37C6-458C-B6BF-84286BBA8CA2} => C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [2013-05-16] (Microsoft Corporation)
Task: {53E34F39-C867-4258-BE2F-C837723AF35E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2653104385-454576173-445973913-1013 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {57418492-01F3-4572-98E1-C42915EC7735} - System32\Tasks\D6QJ7DL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {5BEC4175-339A-4F79-ACC2-F246D91058C1} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe [2013-05-16] (Microsoft Corporation)
Task: {61C8CF69-8719-4124-BD34-6D253619C1B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-10] (Google Inc.)
Task: {7CB6C4D5-DC7C-4360-BA0E-753D809D98A2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2653104385-454576173-445973913-1000
Task: {834F193C-9245-4624-90FE-C1F0D4C05F1C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2653104385-454576173-445973913-1013UA => C:\Users\Donald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)
Task: {8D7DD69F-F81A-4F2B-9892-A069D6D46C3A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2653104385-454576173-445973913-1013Core => C:\Users\Donald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)
Task: {94B784EF-F886-4D3D-B45D-DD873C8E97E7} - System32\Tasks\4775 => C:\Windows\System32\wscript.exe [2009-07-13] (Microsoft Corporation)
Task: {AACD4AFC-59BE-4E64-BFED-84E03AF5FD52} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {B5AFCC2A-1C73-4F4F-B765-50867D2B5A03} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2653104385-454576173-445973913-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {B6537D42-C060-4F63-8CB1-AB07AD68EBC3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2653104385-454576173-445973913-1013 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {B9BAD18E-1523-4CBC-BF56-86E8138894DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-10] (Google Inc.)
Task: {F71B83AB-8281-4F57-BEAF-133C01060052} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2653104385-454576173-445973913-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2653104385-454576173-445973913-1013Core.job => C:\Users\Donald\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2653104385-454576173-445973913-1013UA.job => C:\Users\Donald\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Sing Along Update.job => C:\Program Files (x86)\SingAlong\SingalngUpdater.exe

==================== Faulty Device Manager Devices =============

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2013 07:52:06 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Users\Admin\Desktop\mbar\mbar.exe ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

Error: (07/20/2013 09:15:59 PM) (Source: VsJITDebugger) (User: NT AUTHORITY)
Description: An unhandled exception ('System.IO.FileNotFoundException') occurred in BCMWLTRY.EXE [3744]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on.