
svchost.exe Trojan


Somehow managed to get this nasty trojan on my WORK computer. The speedier the help the better, I am really trying to not get fired here :-/

I am using a Dell OptiPlex 790 running Windows 7

I ran a Malwarebytes Quick Scan and it found nothing.

I tried to run DDS but it's not working: it'll start, but it just says that it's creating the logs for over 15 minutes and does nothing.

Please help!

Thank you so much!!


Hello katiejones2010 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.5.1
Run by gsc at 10:06:01 on 2013-08-23
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3977.2218 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\gsc\AppData\Local\Temp\nsfFE1F.tmp\PEV.DAT
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = file:///C:/Windows/I-net.htm
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [spark] C:\Program Files (x86)\Spark\Spark.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\gsc\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: Wallpaper = C:\Windows\web\wallpaper\gsc\GSClogon
uPolicies-System: WallpaperStyle = 0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: legalnoticecaption = Please Follow GSC Policy When Using This System
mPolicies-System: legalnoticetext = * * * * * * * W A R N I N G * * * * * * *
This computer system is the property of General Services Corp. It is for authorized use only. Unauthorized or improper use of this system may result in administrative disciplinary action. By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use.
* * * * * GSC * * * * *
mPolicies-System: DisableCAD = dword:1
mPolicies-System: HideFastUserSwitching = dword:1
mPolicies-Windows\System: UseOEMBackground = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: Wallpaper = C:\Windows\web\wallpaper\gsc\GSClogon
mPolicies-System: WallpaperStyle = 0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll



TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{1AF9C57A-95FB-4CD7-A572-982DC7A29DA9} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2012-11-6 122776]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-11-6 52664]
R1 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2007-2-9 15864]
R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2012-11-6 39288]
R2 DLABMFSE;DLABMFSE;C:\Windows\System32\DLA\DLABMFSE.SYS [2012-11-6 44152]
R2 DLABOIOE;DLABOIOE;C:\Windows\System32\DLA\DLABOIOE.SYS [2012-11-6 41976]
R2 DLADResE;DLADResE;C:\Windows\System32\DLA\DLADResE.SYS [2012-11-6 10360]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\DLA\DLAIFS_E.SYS [2012-11-6 141432]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\DLA\DLAOPIOE.SYS [2012-11-6 33656]
R2 DLAPoolE;DLAPoolE;C:\Windows\System32\DLA\DLAPoolE.SYS [2012-11-6 18040]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\DLA\DLAUDF_E.SYS [2012-11-6 143096]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\DLA\DLAUDFAE.SYS [2012-11-6 136952]
R2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2007-2-9 63608]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-25 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-1-25 376168]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-11-29 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-2-15 72216]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-20 2656280]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-20 317440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-5 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-5 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-5 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-21 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-08-23 13:31:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-23 13:31:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-23 12:40:29 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C77F809D-4456-405E-86AC-7B658889EDD6}\mpengine.dll
2013-08-23 12:32:17 -------- d-----w- C:\Windows\System32\%LocalAppData%
2013-08-21 16:04:06 -------- d-----w- C:\Windows\System32\MRT
2013-08-19 18:21:12 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-08-19 18:21:12 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-08-19 18:21:12 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-08-19 18:21:12 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-08-19 18:21:12 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-08-19 18:21:12 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-08-19 18:21:12 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-08-19 18:21:11 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-08-19 18:21:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-08-19 18:21:02 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-08-19 18:21:00 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-08-19 18:20:59 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-08-19 18:20:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-08-19 18:20:59 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-08-19 18:20:59 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-19 18:20:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-19 18:20:36 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-19 18:20:00 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-19 18:19:59 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-19 18:19:58 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-19 18:19:58 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-19 18:19:44 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-08-19 18:19:44 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-08-19 18:19:43 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-19 18:18:35 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-19 18:17:27 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-19 18:17:27 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-19 18:17:27 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-19 18:17:27 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-19 18:17:27 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-19 18:17:27 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-19 18:17:26 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-19 18:17:26 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M  ====================
.
2013-08-23 13:01:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-23 13:01:14 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
.
============= FINISH: 11:05:52.48 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/20/2011 11:09:44 AM
System Uptime: 8/23/2013 8:34:36 AM (3 hours ago)
.
Motherboard: Dell Inc. |  | 0HY9JP
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
BlueZone
Cisco Systems VPN Client 5.0.07.0440
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
HP LaserJet Enterprise 600 M601, M602 & M603 printer series
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java 7 Update 5
JavaFX 2.1.1
LJDXPHelperUI
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (English) 2010
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Sonic Activation Module
Spark 2.6.3.12555
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VirtualCloneDrive
Vista Shortcut Manager x64
.
==== End Of File ===========================


OTL logfile created on: 8/23/2013 12:40:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\gsc\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.88 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 36.34% Memory free
7.77 Gb Paging File | 5.40 Gb Available in Paging File | 69.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 140.97 Gb Free Space | 60.56% Space Free | Partition Type: NTFS
 
Computer Name: PC4 | User Name: gsc | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/23 12:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gsc\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/23 09:01:15 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/25 17:37:50 | 000,148,328 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/01/25 17:37:46 | 000,376,168 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/11/29 12:56:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011/01/17 12:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/17 12:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/25 17:38:04 | 000,088,448 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/11/29 12:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 12:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/10 23:44:18 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 18:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 08:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 15:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 15:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/02/09 16:34:18 | 000,063,608 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV:64bit: - [2007/02/09 00:05:36 | 000,015,864 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
DRV:64bit: - [2006/08/18 14:18:10 | 000,010,360 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DLA\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2006/08/18 14:18:00 | 000,136,952 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DLA\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2006/08/18 14:18:00 | 000,044,152 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DLA\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2006/08/18 14:17:58 | 000,143,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DLA\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2006/08/18 14:17:56 | 000,033,656 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DLA\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2006/08/18 14:17:54 | 000,041,976 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DLA\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2006/08/18 14:17:54 | 000,018,040 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DLA\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2006/08/18 14:17:52 | 000,141,432 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DLA\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2006/08/11 11:35:26 | 000,039,288 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2006/07/24 04:00:00 | 000,052,664 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/07/21 12:21:28 | 000,122,776 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
DRV - [2012/11/29 12:56:52 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 91 1C 13 74 9F CE 01  [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 91 1C 13 74 9F CE 01  [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4259309008-1257782580-1555477044-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4259309008-1257782580-1555477044-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/I-net.htm
IE - HKU\S-1-5-21-4259309008-1257782580-1555477044-1001\..\SearchScopes,DefaultScope = {A7403A13-B94C-4453-9250-E2D36FAE3E55}
IE - HKU\S-1-5-21-4259309008-1257782580-1555477044-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4259309008-1257782580-1555477044-1001\..\SearchScopes\{A7403A13-B94C-4453-9250-E2D36FAE3E55}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4259309008-1257782580-1555477044-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2013/06/21 14:59:37 | 000,000,985 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKU\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-4259309008-1257782580-1555477044-1001..\Run: [spark] C:\Program Files (x86)\Spark\Spark.exe (Jive Software)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper = C:\Windows\web\wallpaper\gsc\GSClogon
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper = C:\Windows\web\wallpaper\gsc\GSClogon
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 0
O7 - HKU\S-1-5-21-4259309008-1257782580-1555477044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4259309008-1257782580-1555477044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper = C:\Windows\web\wallpaper\gsc\GSClogon
O7 - HKU\S-1-5-21-4259309008-1257782580-1555477044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {977231BF-B887-4CD7-8156-6F429268F7E2} https://mri44.saas.mrisoftware.com/MRINet.cab (MRIWeb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AF9C57A-95FB-4CD7-A572-982DC7A29DA9}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fbb096e4-e52a-11e0-be20-180373b19a5f}\Shell - "" = AutoRun
O33 - MountPoints2\{fbb096e4-e52a-11e0-be20-180373b19a5f}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{fbb096e4-e52a-11e0-be20-180373b19a5f}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{fbb096e4-e52a-11e0-be20-180373b19a5f}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/23 12:39:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gsc\Desktop\OTL.exe
[2013/08/23 10:12:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\gsc\Desktop\dds 2.scr
[2013/08/23 09:36:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\gsc\Desktop\dds.com
[2013/08/23 09:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/23 09:31:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/23 09:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/23 08:32:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LocalAppData%
[2013/08/21 12:04:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/03/22 17:21:57 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\gsc\gotomypc_635.exe
[1 C:\Users\gsc\Desktop\*.tmp files -> C:\Users\gsc\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/23 12:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gsc\Desktop\OTL.exe
[2013/08/23 12:17:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/23 12:17:06 | 398,221,782 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/23 12:17:04 | 3127,676,928 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/23 10:12:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\gsc\Desktop\dds 2.scr
[2013/08/23 09:43:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\gsc\Desktop\dds.com
[2013/08/23 09:31:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/23 09:04:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/23 08:44:30 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 08:44:30 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/20 12:40:48 | 000,409,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/20 12:23:23 | 000,743,910 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/20 12:23:23 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/20 12:23:23 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/19 16:57:18 | 000,000,660 | RHS- | M] () -- C:\Users\gsc\ntuser.pol
[1 C:\Users\gsc\Desktop\*.tmp files -> C:\Users\gsc\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/23 09:31:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/04 15:59:04 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/06 08:22:03 | 000,056,056 | ---- | C] () -- C:\Windows\SysWow64\DLAAPI_W.DLL
[2012/11/06 08:22:03 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/25 13:39:31 | 000,000,660 | RHS- | C] () -- C:\Users\gsc\ntuser.pol
[2011/09/21 10:49:25 | 000,000,296 | ---- | C] () -- C:\ProgramData\Renters Insurance.url
[2011/09/21 10:49:25 | 000,000,185 | ---- | C] () -- C:\ProgramData\Web Apps.url
[2011/09/21 10:49:25 | 000,000,177 | ---- | C] () -- C:\ProgramData\Google.url
[2011/09/21 10:49:25 | 000,000,174 | ---- | C] () -- C:\ProgramData\Yahoo!.url
[2011/09/21 10:49:25 | 000,000,164 | ---- | C] () -- C:\ProgramData\GSC Forms & Manuals.url
[2011/09/21 10:49:25 | 000,000,138 | ---- | C] () -- C:\ProgramData\GSC Online Training.url
[2011/09/21 10:49:25 | 000,000,134 | ---- | C] () -- C:\ProgramData\GSC Apartment Communities.url
[2011/09/21 09:29:09 | 000,000,586 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/20 12:48:23 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/09/20 12:48:23 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/09/20 12:48:22 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/09/20 12:48:22 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/09/20 12:48:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/06/25 11:10:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BlueZone Web
[2011/09/21 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\BlueZone Web
[2011/09/21 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\BlueZone Web
[2011/09/21 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\gsc\AppData\Roaming\BlueZone Web
[2013/03/04 16:15:12 | 000,000,000 | ---D | M] -- C:\Users\gsc\AppData\Roaming\Spark
[2011/09/21 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\support\AppData\Roaming\BlueZone Web
 
========== Purity Check ==========
 
 

< End of report >

OTL Extras logfile created on: 8/23/2013 12:40:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\gsc\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.88 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 36.34% Memory free
7.77 Gb Paging File | 5.40 Gb Available in Paging File | 69.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 140.97 Gb Free Space | 60.56% Space Free | Partition Type: NTFS
 
Computer Name: PC4 | User Name: gsc | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{91ECCDA3-D996-4749-B45C-EA76358EEAB2}" = lport=3389 | protocol=6 | dir=in | app=system |
"{A7740BB8-3400-4392-AF10-643A270C4380}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{F6817D81-E9A0-4DD4-BA73-22B18510F8EC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2C0D762C-3350-405E-AA83-7EA5E89A7734}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{52FE41BE-9AFE-4D39-9754-6BC49F583950}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{C7311329-C491-427B-8880-133E84869B3A}" = Vista Shortcut Manager x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD868C71-6CCF-42E2-B90D-0504AB0036FE}" = 64 Bit HP CIO Components Installer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSet" = Intel® Network Connections Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{59CC9AFB-B09E-4EAB-9254-58F40C3C3B42}}" = HP LaserJet Enterprise 600 M601, M602 & M603 printer series
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{E7D97385-3E64-4839-AFA5-A03915046712}" = BlueZone
"{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}" = LJDXPHelperUI
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.STANDARD" = Microsoft Office Standard 2010
"Spark 2.6.3.12555" = Spark 2.6.3.12555
"VirtualCloneDrive" = VirtualCloneDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/23/2013 6:15:43 AM | Computer Name = PC4 | Source = WinMgmt | ID = 10
Description =
 
Error - 8/23/2013 7:59:43 AM | Computer Name = PC4 | Source = WinMgmt | ID = 10
Description =
 
Error - 8/23/2013 8:36:36 AM | Computer Name = PC4 | Source = WinMgmt | ID = 10
Description =
 
Error - 8/23/2013 8:55:33 AM | Computer Name = PC4 | Source = WinMgmt | ID = 10
Description =
 
Error - 8/23/2013 9:08:13 AM | Computer Name = PC4 | Source = WinMgmt | ID = 10
Description =
 
Error - 8/23/2013 9:43:43 AM | Computer Name = PC4 | Source = WinMgmt | ID = 10
Description =
 
Error - 8/23/2013 10:06:12 AM | Computer Name = PC4 | Source = WinMgmt | ID = 10
Description =
 
Error - 8/23/2013 10:22:23 AM | Computer Name = PC4 | Source = WinMgmt | ID = 10
Description =
 
Error - 8/23/2013 11:06:18 AM | Computer Name = PC4 | Source = WinMgmt | ID = 10
Description =
 
Error - 8/23/2013 12:18:50 PM | Computer Name = PC4 | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 8/23/2013 12:17:44 PM | Computer Name = PC4 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/23/2013 12:17:46 PM | Computer Name = PC4 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/23/2013 12:17:46 PM | Computer Name = PC4 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/23/2013 12:17:46 PM | Computer Name = PC4 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/23/2013 12:18:04 PM | Computer Name = PC4 | Source = DCOM | ID = 10005
Description =
 
Error - 8/23/2013 12:18:11 PM | Computer Name = PC4 | Source = DCOM | ID = 10005
Description =
 
Error - 8/23/2013 12:18:17 PM | Computer Name = PC4 | Source = DCOM | ID = 10005
Description =
 
Error - 8/23/2013 12:18:18 PM | Computer Name = PC4 | Source = DCOM | ID = 10005
Description =
 
Error - 8/23/2013 12:44:13 PM | Computer Name = PC4 | Source = Service Control Manager | ID = 7031
Description = The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
120000 milliseconds: Restart the service.
 
Error - 8/23/2013 12:44:13 PM | Computer Name = PC4 | Source = Service Control Manager | ID = 7031
Description = The User Profile Service service terminated unexpectedly.  It has
done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds:
 Restart the service.
 
 
< End of report >
 


Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

In your next reply, post the following log files:
  • TDSSKiller log
  • ComboFix log

Combofix isn't running properly in safe mode (according to the userguide). It will open, scan a little, back up the registry and then it just stops. I've waited over 30 minutes and no log is produced. I keep trying to boot the computer normally and it restarts after less than 30 seconds after opening the desktop.


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
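As an added example (not code from this thread, from Farbar or from Malwarebytes), here is a small Python triage script for the FRST.txt format that the steps above produce. It parses the Run/Runonce, service/driver and created-file line shapes and flags the patterns a helper reads for first: an autostart whose target is missing from disk (the trailing [x]), a launcher that lives under a Temp folder or wraps cmd.exe, a service with no ImagePath, a numeric-only driver name, and a literal unexpanded %variable% in a path. The sample lines are constructed to match the log format; the heuristics and thresholds are this example's own assumptions, not FRST's.

```python
"""Triage helper for FRST.txt logs (added example, not part of FRST)."""
import re

# Constructed sample lines in the FRST.txt line format; the shapes follow the
# log requested above, the values are illustrative only.
SAMPLE_LOG = r"""
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM-x32\...\Runonce: [792F07D7-9199-4A92-A30F-C2F52177D4E5] - cmd.exe /C start /D "C:\Users\gsc\AppData\Local\Temp" /B 792F07D7-9199-4A92-A30F-C2F52177D4E5.exe -activeimages -postboot [x]
HKU\Administrator\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S0 29072035; system32\drivers\65574916.sys [x]
S4 LMIRfsClientNP; No ImagePath
2013-08-23 08:32 - 2013-08-23 08:32 - 00000000 ____D C:\Windows\system32\%LocalAppData%
"""

# Registry autostart line: "<hive>\...\Run[once]: [<name>] - <command>"
AUTORUN_RE = re.compile(r"^(?P<hive>HK.*?)\\\.\.\.\\(?P<key>Runonce|Run): "
                        r"\[(?P<name>[^\]]*)\] - (?P<cmd>.*)$", re.I)
# Service/driver line: "<start type> <name>; <image path or 'No ImagePath'>"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+); (?P<rest>.*)$")
# Created/modified file line: "<date> - <date> - <size> <attrs> [(<publisher>)] <path>"
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
                     r"\d+ (?P<attrs>[_A-Z]+) (?:\((?P<pub>[^)]*)\) )?(?P<path>.+)$")
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\b", re.I)
NUMERIC_FILE_RE = re.compile(r"[\\/]\d+\.(?:sys|exe|dll)\b", re.I)


def triage_line(line):
    """Return the list of triage reasons for one FRST line (empty = nothing odd)."""
    reasons = []
    m = AUTORUN_RE.match(line)
    if m:
        cmd = m.group("cmd")
        if cmd.endswith("[x]"):
            reasons.append("autostart target missing on disk ([x])")
        if TEMP_RE.search(cmd):
            reasons.append("autostart launches from a Temp directory")
        if re.search(r"\bcmd\.exe\b.*\bstart\b", cmd, re.I):
            reasons.append("autostart is a cmd.exe start wrapper")
        return reasons
    m = SERVICE_RE.match(line)
    if m:
        rest = m.group("rest")
        if rest == "No ImagePath":
            return ["service has no ImagePath"]
        if rest.endswith("[x]"):
            reasons.append("service binary missing on disk ([x])")
        if m.group("name").isdigit() or NUMERIC_FILE_RE.search(rest):
            reasons.append("numeric-only service or driver file name")
        if m.group("start") == "S0":
            reasons.append("boot-start (S0) driver")
        if not re.match(r"[A-Za-z]:\\", rest):
            reasons.append("ImagePath is not an absolute path")
        if rest.endswith("()"):
            reasons.append("no publisher name in version info")
        return reasons
    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        if "%" in path:
            reasons.append("literal, unexpanded environment variable in path")
        if TEMP_RE.search(path) and path.lower().endswith((".exe", ".dll", ".sys")):
            reasons.append("executable created under a Temp directory")
    return reasons


def triage(text):
    """Run triage_line over a whole log; return (line, reasons) for flagged lines."""
    flagged = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    # Lines with several reasons deserve a look first; a lone [x] is often
    # just a stale entry (the Sidebar line above is a typical benign one).
    for line, reasons in sorted(triage(SAMPLE_LOG), key=lambda t: -len(t[1])):
        print(f"[{len(reasons)}] {line}")
        for reason in reasons:
            print("      -", reason)
```

A single weak signal such as a lone [x] is common on clean machines; the point of counting reasons per line is to rank entries like the numeric S0 driver and the Temp-based Runonce above the stale Sidebar leftover.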

For some reason I wasn't able to do "repair computer" and then "control prompt"; it just took me to some system check. But I was able to run FRST64 in safe mode, so here is the log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 01
Ran by gsc (administrator) on 25-08-2013 09:42:12
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Farbar) F:\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM-x32\...\Runonce: [792F07D7-9199-4A92-A30F-C2F52177D4E5] - cmd.exe /C start /D "C:\Users\gsc\AppData\Local\Temp" /B 792F07D7-9199-4A92-A30F-C2F52177D4E5.exe -activeimages -postboot [x]
HKCU\...\Run: [spark] - C:\Program Files (x86)\Spark\Spark.exe [433664 2011-07-01] (Jive Software)
HKCU\...\Policies\system: [Wallpaper] C:\Windows\web\wallpaper\gsc\GSClogon
HKCU\...\Policies\system: [WallpaperStyle] 0
MountPoints2: {fbb096e4-e52a-11e0-be20-180373b19a5f} - E:\SETUP.EXE
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [RoxioDragToDisc] - C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
HKU\Administrator\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Administrator\...\Policies\system: [Wallpaper] C:\Windows\web\wallpaper\gsc\GSClogon
HKU\Administrator\...\Policies\system: [WallpaperStyle] 0
HKU\Default\...\Policies\system: [Wallpaper] C:\Windows\web\wallpaper\gsc\GSClogon
HKU\Default\...\Policies\system: [WallpaperStyle] 0
HKU\Default User\...\Policies\system: [Wallpaper] C:\Windows\web\wallpaper\gsc\GSClogon
HKU\Default User\...\Policies\system: [WallpaperStyle] 0
HKU\support\...\Policies\system: [Wallpaper] C:\Windows\web\wallpaper\gsc\GSClogon
HKU\support\...\Policies\system: [WallpaperStyle] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\gsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\support\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {977231BF-B887-4CD7-8156-6F429268F7E2} https://mri44.saas.mrisoftware.com/MRINet.cab
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

==================== Services (Whitelisted) =================

S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2013-01-25] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [148328 2013-01-25] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)

==================== Drivers (Whitelisted) ====================

S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-18] (Roxio)
S2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-18] (Roxio)
R1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15864 2007-02-09] (Roxio)
S2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-18] (Roxio)
S2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-18] (Roxio)
S2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-18] (Roxio)
S2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-18] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-11] (Roxio)
S2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-18] (Roxio)
S2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-18] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
S2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2007-02-09] (Roxio)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2012-11-29] (LogMeIn, Inc.)
S0 29072035; system32\drivers\65574916.sys [x]
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-25 09:39 - 2013-08-25 09:39 - 00262144 _____ C:\Windows\Minidump\082513-53149-01.dmp
2013-08-25 09:27 - 2013-08-25 09:27 - 00272552 _____ C:\Windows\Minidump\082513-49483-01.dmp
2013-08-24 13:26 - 2013-08-24 13:26 - 00262144 _____ C:\Windows\Minidump\082413-31980-01.dmp
2013-08-24 13:13 - 2013-08-24 13:13 - 00262144 _____ C:\Windows\Minidump\082413-31200-01.dmp
2013-08-24 10:17 - 2013-08-24 10:17 - 00272552 _____ C:\Windows\Minidump\082413-32401-01.dmp
2013-08-24 10:04 - 2013-08-24 10:04 - 00262144 _____ C:\Windows\Minidump\082413-41496-01.dmp
2013-08-24 09:58 - 2013-08-24 09:58 - 00272552 _____ C:\Windows\Minidump\082413-38001-01.dmp
2013-08-24 09:53 - 2013-08-24 09:54 - 00272552 _____ C:\Windows\Minidump\082413-52478-01.dmp
2013-08-24 09:40 - 2013-08-24 09:40 - 00262144 _____ C:\Windows\Minidump\082413-37081-01.dmp
2013-08-24 08:35 - 2013-08-24 13:17 - 00000000 ___SD C:\32788R22FWJFW
2013-08-24 08:35 - 2013-08-24 08:35 - 00000000 ____D C:\Windows\erdnt
2013-08-24 08:34 - 2013-08-24 08:34 - 05111180 ____R (Swearware) C:\Users\gsc\Desktop\ComboFix.exe
2013-08-23 17:04 - 2013-08-23 17:05 - 00262144 _____ C:\Windows\Minidump\082313-39998-01.dmp
2013-08-23 16:44 - 2013-08-23 16:44 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\gsc\Desktop\tdsskiller.exe
2013-08-23 12:39 - 2013-08-23 12:39 - 00602112 _____ (OldTimer Tools) C:\Users\gsc\Desktop\OTL.exe
2013-08-23 12:17 - 2013-08-23 12:17 - 00262144 _____ C:\Windows\Minidump\082313-37268-01.dmp
2013-08-23 12:13 - 2013-08-23 12:14 - 00262144 _____ C:\Windows\Minidump\082313-36707-01.dmp
2013-08-23 10:12 - 2013-08-23 10:12 - 00688992 ____R (Swearware) C:\Users\gsc\Desktop\dds 2.scr
2013-08-23 09:36 - 2013-08-23 09:43 - 00688992 ____R (Swearware) C:\Users\gsc\Desktop\dds.com
2013-08-23 09:31 - 2013-08-23 09:31 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-23 09:31 - 2013-08-23 09:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-23 09:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-23 08:32 - 2013-08-23 08:32 - 00000000 ____D C:\Windows\system32\%LocalAppData%
2013-08-21 12:04 - 2013-08-21 12:06 - 00000000 ____D C:\Windows\system32\MRT
2013-08-20 12:31 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-20 12:31 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-20 12:31 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-20 12:31 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-20 12:31 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-20 12:31 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-20 12:31 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-20 12:31 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-20 12:31 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-20 12:31 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-20 12:31 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-20 12:31 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-20 12:31 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-20 12:31 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-20 12:31 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-20 12:31 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-20 12:31 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-20 12:31 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-20 12:31 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-20 12:31 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-20 12:31 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-20 12:31 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-20 12:31 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-20 12:31 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-20 12:31 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-20 12:31 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-20 12:31 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-20 12:31 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-20 12:31 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-20 12:31 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-20 12:31 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 16:06 - 2013-08-19 16:06 - 00262144 _____ C:\Windows\Minidump\081913-33290-01.dmp
2013-08-19 14:49 - 2013-08-19 14:49 - 00262144 _____ C:\Windows\Minidump\081913-38001-01.dmp
2013-08-19 14:21 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-19 14:21 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-19 14:21 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-19 14:20 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-19 14:20 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-19 14:20 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-19 14:19 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-19 14:19 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-19 14:19 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-19 14:19 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-19 14:19 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-19 14:19 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-19 14:18 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-19 14:17 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-19 14:17 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-19 14:17 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-19 14:17 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-19 14:17 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-19 14:17 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-19 14:17 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-19 14:17 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-19 14:09 - 2013-08-19 14:09 - 00262144 _____ C:\Windows\Minidump\081913-34819-01.dmp
2013-08-19 14:03 - 2013-08-19 14:03 - 00262144 _____ C:\Windows\Minidump\081913-44273-01.dmp
2013-08-13 18:58 - 2013-08-13 18:58 - 06647679 _____ C:\Users\gsc\Downloads\pics (1).zip
2013-08-13 18:58 - 2013-08-13 18:58 - 00000000 ____D C:\Users\gsc\Downloads\pics (1)
2013-08-13 18:44 - 2013-08-13 18:44 - 00000000 ____D C:\Users\gsc\Downloads\pics
2013-08-13 18:43 - 2013-08-13 18:43 - 04759804 _____ C:\Users\gsc\Downloads\pics.zip

==================== One Month Modified Files and Folders =======

2013-08-25 09:41 - 2013-08-25 09:41 - 00000000 ____D C:\FRST
2013-08-25 09:39 - 2013-08-25 09:39 - 00262144 _____ C:\Windows\Minidump\082513-53149-01.dmp
2013-08-25 09:39 - 2013-06-15 12:52 - 00000000 ____D C:\Windows\Minidump
2013-08-25 09:38 - 2013-06-15 12:52 - 404828630 _____ C:\Windows\MEMORY.DMP
2013-08-25 09:34 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-25 09:34 - 2009-07-14 00:51 - 00040298 _____ C:\Windows\setupact.log
2013-08-25 09:29 - 2011-09-20 11:11 - 01835537 _____ C:\Windows\WindowsUpdate.log
2013-08-25 09:28 - 2013-02-15 12:15 - 00000000 ____D C:\ProgramData\LogMeIn
2013-08-25 09:27 - 2013-08-25 09:27 - 00272552 _____ C:\Windows\Minidump\082513-49483-01.dmp
2013-08-24 13:26 - 2013-08-24 13:26 - 00262144 _____ C:\Windows\Minidump\082413-31980-01.dmp
2013-08-24 13:17 - 2013-08-24 08:35 - 00000000 ___SD C:\32788R22FWJFW
2013-08-24 13:13 - 2013-08-24 13:13 - 00262144 _____ C:\Windows\Minidump\082413-31200-01.dmp
2013-08-24 10:17 - 2013-08-24 10:17 - 00272552 _____ C:\Windows\Minidump\082413-32401-01.dmp
2013-08-24 10:04 - 2013-08-24 10:04 - 00262144 _____ C:\Windows\Minidump\082413-41496-01.dmp
2013-08-24 09:58 - 2013-08-24 09:58 - 00272552 _____ C:\Windows\Minidump\082413-38001-01.dmp
2013-08-24 09:54 - 2013-08-24 09:53 - 00272552 _____ C:\Windows\Minidump\082413-52478-01.dmp
2013-08-24 09:40 - 2013-08-24 09:40 - 00262144 _____ C:\Windows\Minidump\082413-37081-01.dmp
2013-08-24 08:35 - 2013-08-24 08:35 - 00000000 ____D C:\Windows\erdnt
2013-08-24 08:34 - 2013-08-24 08:34 - 05111180 ____R (Swearware) C:\Users\gsc\Desktop\ComboFix.exe
2013-08-23 17:05 - 2013-08-23 17:04 - 00262144 _____ C:\Windows\Minidump\082313-39998-01.dmp
2013-08-23 16:44 - 2013-08-23 16:44 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\gsc\Desktop\tdsskiller.exe
2013-08-23 12:39 - 2013-08-23 12:39 - 00602112 _____ (OldTimer Tools) C:\Users\gsc\Desktop\OTL.exe
2013-08-23 12:17 - 2013-08-23 12:17 - 00262144 _____ C:\Windows\Minidump\082313-37268-01.dmp
2013-08-23 12:17 - 2010-11-20 23:47 - 00008452 _____ C:\Windows\PFRO.log
2013-08-23 12:14 - 2013-08-23 12:13 - 00262144 _____ C:\Windows\Minidump\082313-36707-01.dmp
2013-08-23 10:12 - 2013-08-23 10:12 - 00688992 ____R (Swearware) C:\Users\gsc\Desktop\dds 2.scr
2013-08-23 09:43 - 2013-08-23 09:36 - 00688992 ____R (Swearware) C:\Users\gsc\Desktop\dds.com
2013-08-23 09:31 - 2013-08-23 09:31 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-23 09:31 - 2013-08-23 09:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-23 09:11 - 2009-07-14 01:08 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-23 09:04 - 2012-06-25 12:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-23 09:01 - 2012-06-25 12:46 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-23 09:01 - 2012-06-25 12:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-23 09:01 - 2011-09-21 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-23 08:44 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 08:44 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 08:32 - 2013-08-23 08:32 - 00000000 ____D C:\Windows\system32\%LocalAppData%
2013-08-23 08:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-21 12:06 - 2013-08-21 12:04 - 00000000 ____D C:\Windows\system32\MRT
2013-08-20 12:40 - 2009-07-14 00:45 - 00409976 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-20 12:38 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-20 12:38 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-20 12:38 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-20 12:23 - 2009-07-14 01:13 - 00743910 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 16:57 - 2012-06-25 13:39 - 00000660 __RSH C:\Users\gsc\ntuser.pol
2013-08-19 16:57 - 2012-06-25 13:39 - 00000000 ____D C:\Users\gsc
2013-08-19 16:06 - 2013-08-19 16:06 - 00262144 _____ C:\Windows\Minidump\081913-33290-01.dmp
2013-08-19 14:49 - 2013-08-19 14:49 - 00262144 _____ C:\Windows\Minidump\081913-38001-01.dmp
2013-08-19 14:09 - 2013-08-19 14:09 - 00262144 _____ C:\Windows\Minidump\081913-34819-01.dmp
2013-08-19 14:03 - 2013-08-19 14:03 - 00262144 _____ C:\Windows\Minidump\081913-44273-01.dmp
2013-08-19 13:57 - 2010-11-21 03:17 - 00000000 ____D C:\Windows\ShellNew
2013-08-19 13:56 - 2012-06-25 13:39 - 00000000 ___RD C:\Users\gsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-19 13:56 - 2011-09-26 09:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-19 13:56 - 2011-09-21 13:59 - 00000000 ____D C:\Users\Administrator
2013-08-19 13:56 - 2011-09-20 11:09 - 00000000 ____D C:\Users\support
2013-08-19 13:56 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-19 13:56 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-19 13:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-08-13 18:58 - 2013-08-13 18:58 - 06647679 _____ C:\Users\gsc\Downloads\pics (1).zip
2013-08-13 18:58 - 2013-08-13 18:58 - 00000000 ____D C:\Users\gsc\Downloads\pics (1)
2013-08-13 18:44 - 2013-08-13 18:44 - 00000000 ____D C:\Users\gsc\Downloads\pics
2013-08-13 18:43 - 2013-08-13 18:43 - 04759804 _____ C:\Users\gsc\Downloads\pics.zip
2013-08-05 16:14 - 2011-09-20 14:16 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-26 01:13 - 2013-08-20 12:31 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 01:13 - 2013-08-20 12:31 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 01:13 - 2013-08-20 12:31 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 01:12 - 2013-08-20 12:31 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 01:12 - 2013-08-20 12:31 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 01:12 - 2013-08-20 12:31 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 01:12 - 2013-08-20 12:31 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 01:12 - 2013-08-20 12:31 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 01:12 - 2013-08-20 12:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 01:12 - 2013-08-20 12:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 01:12 - 2013-08-20 12:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 01:12 - 2013-08-20 12:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 01:12 - 2013-08-20 12:31 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 01:12 - 2013-08-20 12:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

Files to move or delete:
====================
C:\Users\gsc\gotomypc_635.exe
C:\Users\gsc\AppData\Local\Temp\13B7642D-0243-409E-A262-8E8D3A727F00.exe
C:\Users\gsc\AppData\Local\Temp\792F07D7-9199-4A92-A30F-C2F52177D4E5.exe
C:\Users\gsc\AppData\Local\Temp\i4jdel0.exe
C:\Users\gsc\AppData\Local\Temp\jna126511520055531813.dll
C:\Users\gsc\AppData\Local\Temp\jna1321500272142811308.dll
C:\Users\gsc\AppData\Local\Temp\jna1876635014456933304.dll
C:\Users\gsc\AppData\Local\Temp\jna3638378940404316515.dll
C:\Users\gsc\AppData\Local\Temp\jna4219453304292847880.dll
C:\Users\gsc\AppData\Local\Temp\jna5993013417500298586.dll
C:\Users\gsc\AppData\Local\Temp\jna7225534398135402214.dll
C:\Users\gsc\AppData\Local\Temp\jna7782064775406642045.dll
C:\Users\gsc\AppData\Local\Temp\jna7871225560535352232.dll
C:\Users\gsc\AppData\Local\Temp\jna8037660125689698270.dll
C:\Users\gsc\AppData\Local\Temp\jna8055323444890534492.dll
C:\Users\gsc\AppData\Local\Temp\jna8530095032759326824.dll
C:\Users\gsc\AppData\Local\Temp\jxgdj3mf.dll
C:\Users\gsc\AppData\Local\Temp\up-uzaeb.dll
C:\Users\gsc\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\gsc\AppData\Local\Temp\wkz2u_pg.dll
C:\Users\gsc\AppData\Local\Temp\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\InstHelper.dll
C:\Users\gsc\AppData\Local\Temp\nsfFE1F.tmp\ffext.dll
C:\Users\gsc\AppData\Local\Temp\nsfFE1F.tmp\nsExec.dll
C:\Users\gsc\AppData\Local\Temp\nsfFE1F.tmp\System.dll
C:\Users\gsc\AppData\Local\Temp\nsfFE1F.tmp\UserInfo.dll
C:\Users\gsc\AppData\Local\Temp\nsd9EC1.tmp\ffext.dll
C:\Users\gsc\AppData\Local\Temp\nsd9EC1.tmp\nsExec.dll
C:\Users\gsc\AppData\Local\Temp\nsd9EC1.tmp\System.dll
C:\Users\gsc\AppData\Local\Temp\nsd9EC1.tmp\UserInfo.dll
C:\Users\support\AppData\Local\Temp\ose00000.exe
C:\Users\support\AppData\Local\Temp\Temp1_Win 7 Profile Tool - Win Enabler v1.1.zip\Windows Enabler.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\setup2K.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\winx64\e1Cmsg.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\winx64\NetInst.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\winx64\NicCo2.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\winx64\NicinstC.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\winx64\PROUnstl.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\winx64\SetBDRes.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\winx64\SetupBD.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win7x64\e1Cmsg.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win7x64\NetInst.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win7x64\NicCo36.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win7x64\NicinstC.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win7x64\PROUnstl.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win7x64\SetBDRes.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win7x64\SetupBD.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win732\e1Cmsg.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win732\NetInst.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win732\Nicco36.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win732\NicInstC.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win732\PROUnstl.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win732\SetBDRes.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Win732\SetupBD.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\win32\e1Cmsg.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\win32\NetInst.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\win32\NicCo2.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\win32\NicinstC.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\win32\PROUnstl.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\win32\SetBDRes.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\win32\SetupBD.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vistax64\e1Cmsg.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vistax64\NetInst.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vistax64\NicCo26.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vistax64\NicinstC.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vistax64\PROUnstl.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vistax64\SetBDRes.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vistax64\SetupBD.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vista32\e1Cmsg.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vista32\NetInst.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vista32\Nicco26.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vista32\NicInstC.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vista32\PROUnstl.exe
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vista32\SetBDRes.dll
C:\Users\support\AppData\Local\Temp\pftCACF~tmp\Vista32\SetupBD.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-03 13:24

==================== End Of Log ============================
