
Solved Hard to connect and download

Discussion in 'Malware and Virus Removal Archive' started by imjhemp, 2012/09/05.

  1. 2012/09/05
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    [Resolved] Hard to connect and download

    Hello, I've been here before with my old computer and you guys helped me out lots. I now have a new comp and am already having problems.

    OK... when I try to go to any webpage, all I get is "The Webpage is not Available"
    and it says the page took too long to respond, and I usually have to hit 'reload' a couple of times before I get to any webpage.
    Also, anything I try to download... even simple things... takes forever or not at all.

    Sometimes I get 'Google Chrome could not connect to "webpage.com"'
    ... I even got this message when I tried to submit this very post.
    Pretty much any button I hit does this.


    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.03.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    jhemp :: JHEMP-PC [administrator]

    Protection: Disabled

    9/3/2012 5:48:00 PM
    mbam-log-2012-09-03 (17-48-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 197083
    Time elapsed: 2 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 15
    HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> No action taken.
    HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> No action taken.
    HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> No action taken.
    HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> No action taken.
    HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> No action taken.
    HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> No action taken.
    HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> No action taken.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.

    Registry Values Detected: 1
    HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\ProgramData\wxDfast (PUP.wxDfast) -> No action taken.

    Files Detected: 6
    C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> No action taken.
    C:\ProgramData\wxDfast\bhoclass.dll (PUP.DownloadnSave) -> No action taken.
    C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> No action taken.
    C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> No action taken.
    C:\ProgramData\wxDfast\kfakdabibhefpjoelbecolghigimcppk.crx (PUP.wxDfast) -> No action taken.
    C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> No action taken.

    (end)




    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-03 16:53:13
    Windows 6.1.7601 Service Pack 1
    Running: o771unu2.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Users\jhemp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V6PR2J9F\clients[1].txt 1 bytes
    File C:\Users\jhemp\AppData\Roaming\Microsoft\Windows\Cookies\P9UQ7UX7.txt 92 bytes

    ---- EOF - GMER 1.0.15 ----
     
  2. 2012/09/05
    imjhemp

    Wow... it took 5 times before that posted.
    Here's the rest...


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-03 16:56:14
    -----------------------------
    16:56:14.773 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:56:14.773 Number of processors: 4 586 0x2A07
    16:56:14.774 ComputerName: JHEMP-PC UserName: jhemp
    16:56:16.678 Initialize success
    17:08:46.334 AVAST engine defs: 12090301
    17:30:40.844 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    17:30:40.846 Disk 0 Vendor: ST31000524AS JC4A Size: 953869MB BusType: 3
    17:30:40.861 Disk 0 MBR read successfully
    17:30:40.864 Disk 0 MBR scan
    17:30:40.869 Disk 0 Windows VISTA default MBR code
    17:30:40.877 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    17:30:40.885 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15168 MB offset 81920
    17:30:40.897 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938660 MB offset 31145984
    17:30:40.919 Disk 0 scanning C:\Windows\system32\drivers
    17:30:47.896 Service scanning
    17:31:01.402 Modules scanning
    17:31:01.411 Disk 0 trace - called modules:
    17:31:01.440 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
    17:31:01.447 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dab060]
    17:31:01.452 3 CLASSPNP.SYS[fffff880019b343f] -> nt!IofCallDriver -> [0xfffffa8007aea580]
    17:31:01.455 5 ACPI.sys[fffff88000efa7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007aec060]
    17:31:19.279 AVAST engine scan C:\Windows
    17:31:25.814 AVAST engine scan C:\Windows\system32
    17:33:27.723 AVAST engine scan C:\Windows\system32\drivers
    17:33:36.265 AVAST engine scan C:\Users\jhemp
    17:36:59.631 Disk 0 MBR has been saved successfully to "C:\Users\jhemp\Desktop\MBR.dat"
    17:36:59.636 The log file has been saved successfully to "C:\Users\jhemp\Desktop\aswMBR.txt"




    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by jhemp at 8:44:54 on 2012-09-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5481 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jhemp\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=1
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [Google Update] "C:\Users\jhemp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{8BC90A0F-E30D-4A32-B3AB-05586B658F8A} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{CC7171B6-8013-4A35-A72F-A797AA4F5AC2} : DhcpNameServer = 192.168.1.254
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    BHO-X64: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
    BHO-X64: CrossriderApp0003491 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO-X64: uTorrentControl2 - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-8-2 173056]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-8-30 1188896]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-8-30 1395736]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-8-30 166528]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-4-27 1695040]
    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-8-30 722528]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-27 250568]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-04 09:36:36 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B517FBA-1E74-4099-9450-F1FFFFB1F6B5}\offreg.dll
    2012-09-04 09:36:13 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B517FBA-1E74-4099-9450-F1FFFFB1F6B5}\mpengine.dll
    2012-09-03 22:46:07 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-03 22:46:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-03 07:14:29 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-09-02 19:32:43 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-09-02 19:32:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-08-31 00:33:24 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-08-31 00:32:57 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2012-08-31 00:32:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-08-30 22:48:52 -------- d-----w- C:\Users\jhemp\AppData\Roaming\Malwarebytes
    2012-08-30 22:48:05 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-30 18:04:00 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-08-28 21:00:11 -------- d-----w- C:\Users\jhemp\AppData\Local\Deployment
    2012-08-28 21:00:11 -------- d-----w- C:\Users\jhemp\AppData\Local\Apps
    2012-08-23 17:06:04 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
    2012-08-15 02:12:43 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-08-15 02:12:42 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-08-15 02:12:37 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-15 02:12:37 67072 ----a-w- C:\Windows\splwow64.exe
    2012-08-15 02:12:37 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-15 02:12:37 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-15 02:12:35 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-08-15 02:12:35 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-08-15 02:12:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-08-15 02:12:32 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-15 02:12:30 956928 ----a-w- C:\Windows\System32\localspl.dll
    2012-08-08 01:25:38 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
    .
    ==================== Find3M ====================
    .
    2012-09-03 18:00:09 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-03 18:00:09 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-09 17:21:56 178688 ----a-w- C:\Windows\SysWow64\unrar.dll
    .
    ============= FINISH: 8:45:11.41 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/12/2012 3:16:29 PM
    System Uptime: 9/3/2012 5:41:13 PM (39 hours ago)
    .
    Motherboard: Dell Inc. | | 0GDG8Y
    Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 917 GiB total, 503.925 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP64: 9/1/2012 1:41:07 PM - C
    RP65: 9/1/2012 1:42:38 PM - C
    RP66: 9/2/2012 2:32:46 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.22beta
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4) MUI
    Bejeweled 2 Deluxe
    Bing Bar
    Blackhawk Striker 2
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Consumer In-Home Service Agreement
    Cozi
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Digital Delivery
    Dell Getting Started Guide
    Dell MusicStage
    Dell PhotoStage
    Dell Stage
    Dell VideoStage
    Diner Dash 2 Restaurant Rescue
    DirectX 9 Runtime
    Dora's World Adventure
    eBay
    Escape Whisper Valley (TM)
    Farm Frenzy
    FATE
    Final Drive Fury
    Final Drive Nitro
    Google Chrome
    High-Definition Video Playback
    Jewel Quest
    Jewel Quest Solitaire 2
    Junk Mail filter update
    K-Lite Codec Pack 9.1.0 (Full)
    Luxor
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Namco All-Stars PAC-MAN
    Nero 10 Movie ThemePack Basic
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    Penguins!
    PhotoShowExpress
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Samantha Swift
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization IV Colonization
    Skype™ 5.5
    Sonic CinePlayer Decoder Pack
    Spybot - Search & Destroy
    SyncUP
    TrustedID
    TrustedID IDMonitor Identity Protection
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    uTorrentControl2 Toolbar
    Vid-Saver
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2008 x64 Redistributables
    Wedding Dash - Ready, Aim, Love!
    WildTangent Games
    WildTangent Games App (Dell Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== End Of File ===========================
     


  4. 2012/09/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Your MBAM log says "No action taken".
    Re-run it, fix all issues and post a new log.

    Which browser gives you problems?
    Did you try a different browser?

    ===============================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
     
  5. 2012/09/06
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    Hello broni, I'm so glad to hear from you.
    I'm using Google Chrome, which is the browser that gives me the problems. I haven't tried another browser. I did get on with IE a couple of times and had the same issues.

    Here is the new MBAM log.


    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.03.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    jhemp :: JHEMP-PC [administrator]

    Protection: Disabled

    9/6/2012 7:44:57 AM
    mbam-log-2012-09-06 (07-44-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 196809
    Time elapsed: 1 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 15
    HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\ProgramData\wxDfast (PUP.wxDfast) -> Quarantined and deleted successfully.

    Files Detected: 6
    C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    C:\ProgramData\wxDfast\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\ProgramData\wxDfast\kfakdabibhefpjoelbecolghigimcppk.crx (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> Quarantined and deleted successfully.

    (end)
     
  6. 2012/09/06
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    RogueKiller V8.0.2 [08/31/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : jhemp [Admin rights]
    Mode : Scan -- Date : 09/06/2012 08:32:56

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31000524AS ATA Device +++++
    --- User ---
    [MBR] 5e78e36c6c63f5f9b95cc9aab4f887bc
    [BSP] d3f66aebaa1190ab147b35dd80e26dc1 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15168 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31145984 | Size: 938660 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  7. 2012/09/06
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    RogueKiller V8.0.2 [08/31/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : jhemp [Admin rights]
    Mode : Remove -- Date : 09/06/2012 08:37:10

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31000524AS ATA Device +++++
    --- User ---
    [MBR] 5e78e36c6c63f5f9b95cc9aab4f887bc
    [BSP] d3f66aebaa1190ab147b35dd80e26dc1 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15168 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31145984 | Size: 938660 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  8. 2012/09/06
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    There were 2 reports from RogueKiller..the scan and after I deleted what it found.
     
  9. 2012/09/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I didn't ask to delete anything with RogueKiller.


    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take a significant amount of time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  10. 2012/09/09
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    Ok..I downloaded Combofix and went by the instructions in your post. In Note 2 it says for AVG users that Combofix will not run until it is uninstalled, so I hit 'appremover.com' and went by the instructions.
    Now, I ran Combofix and got the report. Afterwards there was no internet connection. In the notes it says to restart the computer to restore the connection...'Restarted' and no connection. Tried restarting the computer a few times and still no internet connection.
    I didn't know what else to do with no internet connection, I couldn't get on to even ask you for help, so I did a 'Restore'. After this I had an internet connection.

    I've done these steps before in the past and I can follow instructions, but I don't know if I did something wrong or it's my computer. Please don't leave me if I didn't do it right.

    Here is the log from Combofix:

    Also..after uninstalling AVG, it is still on my computer as if I didn't uninstall it. I never reinstalled it.


    ComboFix 12-09-07.03 - jhemp 09/08/2012 0:24.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6453 [GMT -5:00]
    Running from: c:\users\jhemp\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\TelevisionFanaticEI
    c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll
    c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll
    c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll
    c:\program files (x86)\Vid-Saver
    c:\program files (x86)\Vid-Saver\Vid-Saver.exe
    c:\program files (x86)\Vid-Saver\Vid-Saver.ico
    c:\program files (x86)\Vid-Saver\Vid-Saver.ini
    c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe
    c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
    c:\users\jhemp\AppData\Local\Vid-Saver
    c:\users\jhemp\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_KXESCORE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-07 07:55 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71DCA14A-A88D-4393-A02A-E71D246936A6}\mpengine.dll
    2012-09-04 14:49 . 2012-09-04 14:49 -------- d-----w- c:\program files (x86)\7-Zip
    2012-09-03 22:46 . 2012-09-03 22:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-03 22:46 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-02 19:32 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-02 19:32 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-08-31 00:33 . 2012-09-01 19:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-08-30 22:48 . 2012-08-30 22:48 -------- d-----w- c:\users\jhemp\AppData\Roaming\Malwarebytes
    2012-08-30 22:48 . 2012-08-30 22:48 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-28 21:00 . 2012-08-28 21:01 -------- d-----w- c:\users\jhemp\AppData\Local\Deployment
    2012-08-28 21:00 . 2012-08-28 21:00 -------- d-----w- c:\users\jhemp\AppData\Local\Apps
    2012-08-23 17:06 . 2012-08-23 17:06 -------- d-----w- c:\programdata\PC-Doctor for Windows
    2012-08-15 02:12 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 02:12 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 02:12 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 02:12 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 02:12 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-15 02:12 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 02:12 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 02:12 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 02:12 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 02:12 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 02:12 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 02:12 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-03 18:00 . 2012-04-27 20:36 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-03 18:00 . 2012-04-27 20:36 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 08:00 . 2012-05-19 19:22 62134624 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03} "= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{687578b9-7132-4a7a-80e4-30ee31099e03} "= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC "= "c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-29 336384]
    "Dell DataSafe Online "= "c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "Adobe Reader Speed Launcher "= "c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "RoxWatchTray "= "c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool "= "c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "NeroLauncher "= "c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
    "AccuWeatherWidget "= "c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
    "AVG_TRAY "= "c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "Malwarebytes' Anti-Malware "= "c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1 "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 250568]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-16 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-10 204288]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-08-02 173056]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-10 9371136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-10 309760]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-08-10 231440]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 18:00]
    .
    2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2641804929-3598768314-1187809908-1000Core.job
    - c:\users\jhemp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28 21:01]
    .
    2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2641804929-3598768314-1187809908-1000UA.job
    - c:\users\jhemp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28 21:01]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellStage "= "c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    "combofix "= "c:\combofix\CF29367.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs "=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/?ilc=1
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
    Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
    Toolbar-Locked - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
    "ImagePath "= "\??\c:\program files\dell support center\pcdsrvc_x64.pkms "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.11 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue "=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-08 00:33:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-08 05:33
    .
    Pre-Run: 589,473,865,728 bytes free
    Post-Run: 589,387,702,272 bytes free
    .
    - - End Of File - - 5ED87BABB16DAA27B62CA5FA0036EF86
     
  11. 2012/09/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Is this Combofix log from before you restore or after?
     
  12. 2012/09/09
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    This log is from before the restore.
     
  13. 2012/09/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  14. 2012/09/09
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    Just to clarify..AVG was there before the restore. After I uninstalled it and before the restore.
    I will move on to your next post.
     
  15. 2012/09/09
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    14:30:17.0109 3892 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    14:30:17.0847 3892 ============================================================
    14:30:17.0847 3892 Current date / time: 2012/09/09 14:30:17.0847
    14:30:17.0847 3892 SystemInfo:
    14:30:17.0847 3892
    14:30:17.0847 3892 OS Version: 6.1.7601 ServicePack: 1.0
    14:30:17.0847 3892 Product type: Workstation
    14:30:17.0863 3892 ComputerName: JHEMP-PC
    14:30:17.0863 3892 UserName: jhemp
    14:30:17.0863 3892 Windows directory: C:\Windows
    14:30:17.0863 3892 System windows directory: C:\Windows
    14:30:17.0863 3892 Running under WOW64
    14:30:17.0863 3892 Processor architecture: Intel x64
    14:30:17.0863 3892 Number of processors: 4
    14:30:17.0863 3892 Page size: 0x1000
    14:30:17.0863 3892 Boot type: Normal boot
    14:30:17.0863 3892 ============================================================
    14:30:18.0853 3892 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    14:30:18.0863 3892 ============================================================
    14:30:18.0863 3892 \Device\Harddisk0\DR0:
    14:30:18.0886 3892 MBR partitions:
    14:30:18.0886 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1DA0000
    14:30:18.0886 3892 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB4000, BlocksNum 0x72952000
    14:30:18.0886 3892 ============================================================
    14:30:18.0912 3892 C: <-> \Device\Harddisk0\DR0\Partition2
    14:30:18.0913 3892 ============================================================
    14:30:18.0913 3892 Initialize success
    14:30:18.0913 3892 ============================================================
    14:33:43.0898 2248 ============================================================
    14:33:43.0898 2248 Scan started
    14:33:43.0898 2248 Mode: Manual;
    14:33:43.0898 2248 ============================================================
    14:33:44.0339 2248 ================ Scan system memory ========================
    14:33:44.0339 2248 System memory - ok
    14:33:44.0340 2248 ================ Scan services =============================
    14:33:48.0783 2248 HpSAMD - ok
    14:33:48.0805 2248 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    14:33:48.0814 2248 HTTP - ok
    14:33:48.0825 2248 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    14:33:48.0826 2248 hwpolicy - ok
    14:33:48.0872 2248 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    14:33:48.0875 2248 i8042prt - ok
    14:33:48.0907 2248 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    14:33:48.0914 2248 iaStorV - ok
    14:33:48.0970 2248 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    14:33:48.0982 2248 idsvc - ok
    14:33:48.0996 2248 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    14:33:48.0998 2248 iirsp - ok
    14:33:49.0028 2248 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    14:33:49.0039 2248 IKEEXT - ok
    14:33:49.0059 2248 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    14:33:49.0060 2248 intelide - ok
    14:33:49.0067 2248 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    14:33:49.0069 2248 intelppm - ok
    14:33:49.0074 2248 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    14:33:49.0076 2248 IPBusEnum - ok
    14:33:49.0095 2248 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    14:33:49.0098 2248 IpFilterDriver - ok
    14:33:49.0121 2248 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    14:33:49.0129 2248 iphlpsvc - ok
    14:33:49.0141 2248 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    14:33:49.0147 2248 IPMIDRV - ok
    14:33:49.0152 2248 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    14:33:49.0154 2248 IPNAT - ok
    14:33:49.0168 2248 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    14:33:49.0169 2248 IRENUM - ok
    14:33:49.0172 2248 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    14:33:49.0174 2248 isapnp - ok
    14:33:49.0191 2248 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    14:33:49.0195 2248 iScsiPrt - ok
    14:33:49.0199 2248 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    14:33:49.0199 2248 kbdclass - ok
    14:33:49.0199 2248 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    14:33:49.0199 2248 kbdhid - ok
    14:33:49.0214 2248 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    14:33:49.0214 2248 KeyIso - ok
    14:33:49.0246 2248 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    14:33:49.0261 2248 KSecDD - ok
    14:33:49.0261 2248 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    14:33:49.0261 2248 KSecPkg - ok
    14:33:49.0277 2248 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    14:33:49.0277 2248 ksthunk - ok
    14:33:49.0339 2248 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    14:33:49.0355 2248 KtmRm - ok
    14:33:49.0402 2248 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    14:33:49.0402 2248 LanmanServer - ok
    14:33:49.0433 2248 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    14:33:49.0433 2248 LanmanWorkstation - ok
    14:33:49.0480 2248 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    14:33:49.0480 2248 lltdio - ok
    14:33:49.0495 2248 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    14:33:49.0495 2248 lltdsvc - ok
    14:33:49.0542 2248 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    14:33:49.0542 2248 lmhosts - ok
    14:33:49.0558 2248 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    14:33:49.0573 2248 LSI_FC - ok
    14:33:49.0573 2248 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    14:33:49.0573 2248 LSI_SAS - ok
    14:33:49.0589 2248 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    14:33:49.0589 2248 LSI_SAS2 - ok
    14:33:49.0589 2248 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    14:33:49.0604 2248 LSI_SCSI - ok
    14:33:49.0604 2248 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    14:33:49.0620 2248 luafv - ok
    14:33:49.0689 2248 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    14:33:49.0690 2248 MBAMProtector - ok
    14:33:49.0725 2248 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    14:33:49.0730 2248 MBAMService - ok
    14:33:49.0751 2248 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    14:33:49.0755 2248 Mcx2Svc - ok
    14:33:49.0770 2248 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    14:33:49.0772 2248 megasas - ok
    14:33:49.0818 2248 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    14:33:49.0823 2248 MegaSR - ok
    14:33:49.0845 2248 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    14:33:49.0846 2248 MEIx64 - ok
    14:33:49.0859 2248 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    14:33:49.0861 2248 MMCSS - ok
    14:33:49.0873 2248 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    14:33:49.0875 2248 Modem - ok
    14:33:49.0895 2248 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    14:33:49.0897 2248 monitor - ok
    14:33:49.0944 2248 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    14:33:49.0946 2248 mouclass - ok
    14:33:49.0959 2248 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    14:33:49.0961 2248 mouhid - ok
    14:33:49.0973 2248 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    14:33:49.0975 2248 mountmgr - ok
    14:33:49.0980 2248 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    14:33:49.0983 2248 mpio - ok
    14:33:49.0996 2248 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    14:33:49.0998 2248 mpsdrv - ok
    14:33:50.0016 2248 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    14:33:50.0025 2248 MpsSvc - ok
    14:33:50.0044 2248 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    14:33:50.0047 2248 MRxDAV - ok
    14:33:50.0067 2248 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    14:33:50.0070 2248 mrxsmb - ok
    14:33:50.0084 2248 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    14:33:50.0088 2248 mrxsmb10 - ok
    14:33:50.0101 2248 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    14:33:50.0105 2248 mrxsmb20 - ok
    14:33:50.0125 2248 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    14:33:50.0127 2248 msahci - ok
    14:33:50.0144 2248 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    14:33:50.0148 2248 msdsm - ok
    14:33:50.0163 2248 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    14:33:50.0167 2248 MSDTC - ok
    14:33:50.0183 2248 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    14:33:50.0184 2248 Msfs - ok
    14:33:50.0228 2248 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    14:33:50.0229 2248 mshidkmdf - ok
    14:33:50.0254 2248 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    14:33:50.0255 2248 msisadrv - ok
    14:33:50.0272 2248 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    14:33:50.0276 2248 MSiSCSI - ok
    14:33:50.0280 2248 msiserver - ok
    14:33:50.0324 2248 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    14:33:50.0326 2248 MSKSSRV - ok
    14:33:50.0337 2248 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    14:33:50.0340 2248 MSPCLOCK - ok
    14:33:50.0346 2248 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    14:33:50.0348 2248 MSPQM - ok
    14:33:50.0365 2248 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    14:33:50.0370 2248 MsRPC - ok
    14:33:50.0379 2248 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    14:33:50.0381 2248 mssmbios - ok
    14:33:50.0389 2248 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    14:33:50.0391 2248 MSTEE - ok
    14:33:50.0405 2248 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    14:33:50.0407 2248 MTConfig - ok
    14:33:50.0416 2248 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    14:33:50.0418 2248 Mup - ok
    14:33:50.0438 2248 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    14:33:50.0445 2248 napagent - ok
    14:33:50.0500 2248 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    14:33:50.0504 2248 NativeWifiP - ok
    14:33:50.0594 2248 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
    14:33:50.0600 2248 NAUpdate - ok
    14:33:50.0623 2248 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
    14:33:50.0639 2248 NDIS - ok
    14:33:50.0655 2248 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    14:33:50.0655 2248 NdisCap - ok
    14:33:50.0701 2248 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    14:33:50.0701 2248 NdisTapi - ok
    14:33:50.0717 2248 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    14:33:50.0717 2248 Ndisuio - ok
    14:33:50.0733 2248 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    14:33:50.0733 2248 NdisWan - ok
    14:33:50.0733 2248 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    14:33:50.0733 2248 NDProxy - ok
    14:33:50.0748 2248 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    14:33:50.0748 2248 NetBIOS - ok
    14:33:50.0764 2248 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    14:33:50.0764 2248 NetBT - ok
    14:33:50.0779 2248 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    14:33:50.0779 2248 Netlogon - ok
    14:33:50.0826 2248 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    14:33:50.0826 2248 Netman - ok
    14:33:50.0889 2248 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:33:50.0889 2248 NetMsmqActivator - ok
    14:33:50.0889 2248 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:33:50.0889 2248 NetPipeActivator - ok
    14:33:50.0920 2248 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    14:33:50.0920 2248 netprofm - ok
    14:33:50.0920 2248 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:33:50.0920 2248 NetTcpActivator - ok
    14:33:50.0935 2248 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:33:50.0935 2248 NetTcpPortSharing - ok
    14:33:50.0982 2248 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    14:33:50.0982 2248 nfrd960 - ok
    14:33:51.0045 2248 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    14:33:51.0045 2248 NlaSvc - ok
    14:33:51.0154 2248 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    14:33:51.0185 2248 NOBU - ok
    14:33:51.0201 2248 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    14:33:51.0201 2248 Npfs - ok
    14:33:51.0201 2248 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    14:33:51.0201 2248 nsi - ok
    14:33:51.0201 2248 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    14:33:51.0216 2248 nsiproxy - ok
    14:33:51.0271 2248 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    14:33:51.0305 2248 Ntfs - ok
    14:33:51.0323 2248 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    14:33:51.0325 2248 Null - ok
    14:33:51.0373 2248 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    14:33:51.0377 2248 nvraid - ok
    14:33:51.0392 2248 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    14:33:51.0395 2248 nvstor - ok
    14:33:51.0408 2248 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    14:33:51.0411 2248 nv_agp - ok
    14:33:51.0419 2248 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    14:33:51.0422 2248 ohci1394 - ok
    14:33:51.0441 2248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    14:33:51.0446 2248 p2pimsvc - ok
    14:33:51.0488 2248 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    14:33:51.0504 2248 p2psvc - ok
    14:33:51.0516 2248 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    14:33:51.0519 2248 Parport - ok
    14:33:51.0562 2248 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    14:33:51.0565 2248 partmgr - ok
    14:33:51.0574 2248 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    14:33:51.0577 2248 PcaSvc - ok
    14:33:51.0694 2248 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
    14:33:51.0695 2248 PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok
    14:33:51.0728 2248 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    14:33:51.0730 2248 pci - ok
    14:33:51.0786 2248 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    14:33:51.0788 2248 pciide - ok
    14:33:51.0799 2248 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    14:33:51.0803 2248 pcmcia - ok
    14:33:51.0818 2248 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    14:33:51.0819 2248 pcw - ok
    14:33:51.0838 2248 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    14:33:51.0846 2248 PEAUTH - ok
    14:33:51.0889 2248 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    14:33:51.0891 2248 PerfHost - ok
    14:33:51.0925 2248 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    14:33:51.0951 2248 pla - ok
    14:33:52.0005 2248 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    14:33:52.0011 2248 PlugPlay - ok
    14:33:52.0021 2248 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    14:33:52.0024 2248 PNRPAutoReg - ok
    14:33:52.0041 2248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    14:33:52.0045 2248 PNRPsvc - ok
    14:33:52.0068 2248 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    14:33:52.0074 2248 PolicyAgent - ok
    14:33:52.0100 2248 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
    14:33:52.0104 2248 Power - ok
    14:33:52.0160 2248 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    14:33:52.0164 2248 PptpMiniport - ok
    14:33:52.0168 2248 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    14:33:52.0170 2248 Processor - ok
    14:33:52.0211 2248 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    14:33:52.0211 2248 ProfSvc - ok
    14:33:52.0226 2248 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    14:33:52.0226 2248 ProtectedStorage - ok
    14:33:52.0242 2248 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    14:33:52.0242 2248 Psched - ok
    14:33:52.0258 2248 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    14:33:52.0273 2248 PxHlpa64 - ok
    14:33:52.0336 2248 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    14:33:52.0351 2248 ql2300 - ok
    14:33:52.0367 2248 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    14:33:52.0367 2248 ql40xx - ok
    14:33:52.0382 2248 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    14:33:52.0382 2248 QWAVE - ok
    14:33:52.0398 2248 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    14:33:52.0398 2248 QWAVEdrv - ok
    14:33:52.0398 2248 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    14:33:52.0398 2248 RasAcd - ok
    14:33:52.0429 2248 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    14:33:52.0429 2248 RasAgileVpn - ok
    14:33:52.0429 2248 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    14:33:52.0429 2248 RasAuto - ok
    14:33:52.0445 2248 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    14:33:52.0445 2248 Rasl2tp - ok
    14:33:52.0504 2248 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    14:33:52.0510 2248 RasMan - ok
    14:33:52.0521 2248 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    14:33:52.0524 2248 RasPppoe - ok
    14:33:52.0537 2248 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    14:33:52.0540 2248 RasSstp - ok
    14:33:52.0561 2248 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    14:33:52.0565 2248 rdbss - ok
    14:33:52.0577 2248 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    14:33:52.0579 2248 rdpbus - ok
    14:33:52.0627 2248 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    14:33:52.0628 2248 RDPCDD - ok
    14:33:52.0680 2248 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    14:33:52.0681 2248 RDPENCDD - ok
    14:33:52.0726 2248 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    14:33:52.0726 2248 RDPREFMP - ok
    14:33:52.0745 2248 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    14:33:52.0749 2248 RDPWD - ok
    14:33:52.0800 2248 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    14:33:52.0803 2248 rdyboost - ok
    14:33:52.0822 2248 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    14:33:52.0825 2248 RemoteAccess - ok
    14:33:52.0835 2248 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    14:33:52.0838 2248 RemoteRegistry - ok
    14:33:52.0930 2248 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    14:33:52.0956 2248 RoxMediaDB12OEM - ok
    14:33:53.0002 2248 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    14:33:53.0005 2248 RoxWatch12 - ok
    14:33:53.0019 2248 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    14:33:53.0021 2248 RpcEptMapper - ok
    14:33:53.0023 2248 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    14:33:53.0024 2248 RpcLocator - ok
    14:33:53.0037 2248 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    14:33:53.0040 2248 RpcSs - ok
    14:33:53.0047 2248 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    14:33:53.0049 2248 rspndr - ok
    14:33:53.0117 2248 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    14:33:53.0122 2248 RTL8167 - ok
    14:33:53.0135 2248 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    14:33:53.0137 2248 SamSs - ok
    14:33:53.0153 2248 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    14:33:53.0156 2248 sbp2port - ok
    14:33:53.0170 2248 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    14:33:53.0174 2248 SCardSvr - ok
    14:33:53.0184 2248 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    14:33:53.0185 2248 scfilter - ok
    14:33:53.0206 2248 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    14:33:53.0232 2248 Schedule - ok
    14:33:53.0250 2248 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    14:33:53.0252 2248 SCPolicySvc - ok
    14:33:53.0261 2248 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    14:33:53.0264 2248 SDRSVC - ok
    14:33:53.0289 2248 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    14:33:53.0291 2248 secdrv - ok
    14:33:53.0329 2248 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    14:33:53.0331 2248 seclogon - ok
    14:33:53.0380 2248 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    14:33:53.0383 2248 SENS - ok
    14:33:53.0411 2248 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    14:33:53.0413 2248 SensrSvc - ok
    14:33:53.0441 2248 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
    14:33:53.0457 2248 Serenum - ok
    14:33:53.0504 2248 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
    14:33:53.0504 2248 Serial - ok
    14:33:53.0504 2248 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    14:33:53.0504 2248 sermouse - ok
    14:33:53.0535 2248 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    14:33:53.0535 2248 SessionEnv - ok
    14:33:53.0535 2248 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    14:33:53.0535 2248 sffdisk - ok
    14:33:53.0551 2248 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    14:33:53.0551 2248 sffp_mmc - ok
    14:33:53.0551 2248 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    14:33:53.0551 2248 sffp_sd - ok
    14:33:53.0551 2248 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    14:33:53.0551 2248 sfloppy - ok
    14:33:53.0613 2248 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    14:33:53.0629 2248 SftService - ok
     
  16. 2012/09/09
    imjhemp

    14:33:55.0178 2248 usbprint - ok
    14:33:55.0193 2248 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    14:33:55.0193 2248 USBSTOR - ok
    14:33:55.0209 2248 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    14:33:55.0209 2248 usbuhci - ok
    14:33:55.0225 2248 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    14:33:55.0225 2248 UxSms - ok
    14:33:55.0240 2248 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    14:33:55.0240 2248 VaultSvc - ok
    14:33:55.0240 2248 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    14:33:55.0240 2248 vdrvroot - ok
    14:33:55.0256 2248 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    14:33:55.0271 2248 vds - ok
    14:33:55.0318 2248 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    14:33:55.0318 2248 vga - ok
    14:33:55.0349 2248 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    14:33:55.0349 2248 VgaSave - ok
    14:33:55.0365 2248 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    14:33:55.0365 2248 vhdmp - ok
    14:33:55.0381 2248 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    14:33:55.0381 2248 viaide - ok
    14:33:55.0396 2248 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    14:33:55.0396 2248 volmgr - ok
    14:33:55.0412 2248 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    14:33:55.0412 2248 volmgrx - ok
    14:33:55.0427 2248 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    14:33:55.0427 2248 volsnap - ok
    14:33:55.0490 2248 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    14:33:55.0493 2248 vsmraid - ok
    14:33:55.0528 2248 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    14:33:55.0562 2248 VSS - ok
    14:33:55.0575 2248 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    14:33:55.0576 2248 vwifibus - ok
    14:33:55.0617 2248 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    14:33:55.0619 2248 vwififlt - ok
    14:33:55.0672 2248 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    14:33:55.0673 2248 vwifimp - ok
    14:33:55.0687 2248 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    14:33:55.0693 2248 W32Time - ok
    14:33:55.0699 2248 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    14:33:55.0701 2248 WacomPen - ok
    14:33:55.0709 2248 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    14:33:55.0712 2248 WANARP - ok
    14:33:55.0715 2248 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    14:33:55.0717 2248 Wanarpv6 - ok
    14:33:55.0805 2248 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    14:33:55.0831 2248 WatAdminSvc - ok
    14:33:55.0866 2248 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    14:33:55.0892 2248 wbengine - ok
    14:33:55.0902 2248 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    14:33:55.0906 2248 WbioSrvc - ok
    14:33:55.0914 2248 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    14:33:55.0920 2248 wcncsvc - ok
    14:33:55.0929 2248 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    14:33:55.0931 2248 WcsPlugInService - ok
    14:33:55.0933 2248 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    14:33:55.0935 2248 Wd - ok
    14:33:55.0960 2248 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    14:33:55.0968 2248 Wdf01000 - ok
    14:33:55.0984 2248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    14:33:55.0987 2248 WdiServiceHost - ok
    14:33:55.0991 2248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    14:33:55.0993 2248 WdiSystemHost - ok
    14:33:56.0007 2248 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    14:33:56.0012 2248 WebClient - ok
    14:33:56.0027 2248 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    14:33:56.0032 2248 Wecsvc - ok
    14:33:56.0044 2248 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    14:33:56.0047 2248 wercplsupport - ok
    14:33:56.0095 2248 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    14:33:56.0101 2248 WerSvc - ok
    14:33:56.0112 2248 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    14:33:56.0114 2248 WfpLwf - ok
    14:33:56.0139 2248 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    14:33:56.0142 2248 WimFltr - ok
    14:33:56.0157 2248 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    14:33:56.0159 2248 WIMMount - ok
    14:33:56.0183 2248 WinDefend - ok
    14:33:56.0189 2248 WinHttpAutoProxySvc - ok
    14:33:56.0239 2248 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    14:33:56.0243 2248 Winmgmt - ok
    14:33:56.0281 2248 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    14:33:56.0308 2248 WinRM - ok
    14:33:56.0333 2248 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    14:33:56.0344 2248 Wlansvc - ok
    14:33:56.0391 2248 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    14:33:56.0393 2248 wlcrasvc - ok
    14:33:56.0452 2248 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    14:33:56.0484 2248 wlidsvc - ok
    14:33:56.0484 2248 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    14:33:56.0499 2248 WmiAcpi - ok
    14:33:56.0515 2248 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    14:33:56.0515 2248 wmiApSrv - ok
    14:33:56.0562 2248 WMPNetworkSvc - ok
    14:33:56.0593 2248 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    14:33:56.0593 2248 WPCSvc - ok
    14:33:56.0608 2248 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    14:33:56.0624 2248 WPDBusEnum - ok
    14:33:56.0624 2248 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    14:33:56.0624 2248 ws2ifsl - ok
    14:33:56.0640 2248 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    14:33:56.0640 2248 wscsvc - ok
    14:33:56.0640 2248 WSearch - ok
    14:33:56.0721 2248 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    14:33:56.0764 2248 wuauserv - ok
    14:33:56.0779 2248 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    14:33:56.0781 2248 WudfPf - ok
    14:33:56.0823 2248 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    14:33:56.0826 2248 WUDFRd - ok
    14:33:56.0835 2248 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    14:33:56.0838 2248 wudfsvc - ok
    14:33:56.0848 2248 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    14:33:56.0853 2248 WwanSvc - ok
    14:33:56.0878 2248 ================ Scan global ===============================
    14:33:56.0905 2248 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    14:33:56.0926 2248 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    14:33:56.0934 2248 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    14:33:56.0953 2248 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    14:33:56.0980 2248 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    14:33:56.0984 2248 [Global] - ok
    14:33:56.0984 2248 ================ Scan MBR ==================================
    14:33:56.0996 2248 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    14:33:57.0138 2248 \Device\Harddisk0\DR0 - ok
    14:33:57.0139 2248 ================ Scan VBR ==================================
    14:33:57.0140 2248 [ 729B17964C3B47A6FA78FE9BDC2D99DD ] \Device\Harddisk0\DR0\Partition1
    14:33:57.0142 2248 \Device\Harddisk0\DR0\Partition1 - ok
    14:33:57.0157 2248 [ 13FA7D97EAE2E2CB11E05546016239D5 ] \Device\Harddisk0\DR0\Partition2
    14:33:57.0159 2248 \Device\Harddisk0\DR0\Partition2 - ok
    14:33:57.0159 2248 ============================================================
    14:33:57.0159 2248 Scan finished
    14:33:57.0159 2248 ============================================================
    14:33:57.0167 2732 Detected object count: 0
    14:33:57.0167 2732 Actual detected object count: 0
    14:41:26.0910 5412 Deinitialize success
     
  17. 2012/09/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  18. 2012/09/09
    imjhemp

    imjhemp Inactive Thread Starter

    Maybe a stupid question but....It says after downloading the tool onto a flash drive, then plug into the infected computer. Do I need to download this from another computer?
     
  19. 2012/09/09
    broni

    broni Moderator Malware Analyst

    Since this computer is working you can use it for download.
     
  20. 2012/09/09
    imjhemp

    imjhemp Inactive Thread Starter

    Scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2012
    Ran by SYSTEM at 09-09-2012 18:11:14
    Running from D:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
    HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] ()
    HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction [x]
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\jhemp\...\Run: [Google Update] "C:\Users\jhemp\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-28] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    ==================== Services ====================

    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [173056 2012-08-02] (Dell Products, LP.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

    ==================== Drivers =================================

    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

    ==================== NetSvcs (Whitelisted) =================


    ==================== One Month Created Files and Folders ======================

    2012-09-09 14:58 - 2012-09-09 14:58 - 01453141 ____A (Farbar) C:\Users\jhemp\Downloads\FRST64 (1).exe
    2012-09-09 14:24 - 2012-09-09 14:24 - 00035045 ____A C:\Users\jhemp\Downloads\FRST.txt
    2012-09-09 14:19 - 2012-09-09 14:24 - 00000000 ____D C:\FRST
    2012-09-09 14:17 - 2012-09-09 14:17 - 01453141 ____A (Farbar) C:\Users\jhemp\Downloads\FRST64.exe
    2012-09-09 11:25 - 2012-09-09 11:25 - 02193184 ____A C:\Users\jhemp\Downloads\tdsskiller (1).zip
    2012-09-09 11:24 - 2012-09-09 11:24 - 02193184 ____A C:\Users\jhemp\Downloads\tdsskiller.zip
    2012-09-09 10:08 - 2012-09-09 10:08 - 00894952 ____A (Oracle Corporation) C:\Users\jhemp\Downloads\chromeinstall-7u7.exe
    2012-09-08 06:12 - 2012-09-08 06:12 - 00000000 ___HD C:\$AVG
    2012-09-07 21:33 - 2012-09-07 21:33 - 00022951 ____A C:\ComboFix.txt
    2012-09-07 21:23 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-09-07 20:10 - 2012-09-07 20:10 - 00005162 ____A C:\Windows\SysWOW64\commonpriv.log
    2012-09-07 20:10 - 2012-09-07 20:10 - 00000000 ____A C:\Windows\SysWOW64\commonpriv.log.lock
    2012-09-07 19:47 - 2012-09-07 19:47 - 10901120 ____A (OPSWAT, Inc.) C:\Users\jhemp\Downloads\AppRemover (1).exe
    2012-09-07 19:43 - 2012-09-08 01:52 - 00000000 ____D C:\Users\jhemp\Application Data\AVG2012
    2012-09-07 19:43 - 2012-09-08 01:52 - 00000000 ____D C:\Users\jhemp\AppData\Roaming\AVG2012
    2012-09-07 18:57 - 2012-09-07 18:58 - 10901120 ____A (OPSWAT, Inc.) C:\Users\jhemp\Downloads\AppRemover.exe
    2012-09-07 18:30 - 2012-09-08 01:52 - 00000000 ___SD C:\32788R22FWJFW
    2012-09-07 18:30 - 2012-09-08 01:52 - 00000000 ____D C:\Windows\erdnt
    2012-09-07 18:30 - 2012-09-07 21:33 - 00000000 ____D C:\Qoobox
    2012-09-07 18:28 - 2012-09-07 18:28 - 04749820 ____A (Swearware) C:\Users\jhemp\Downloads\ComboFix (1).exe
    2012-09-07 18:26 - 2012-09-07 18:26 - 04749820 ___RA (Swearware) C:\Users\jhemp\Downloads\ComboFix.exe
    2012-09-07 08:26 - 2012-09-07 08:26 - 00002536 ____A C:\Users\jhemp\Downloads\attachment (1)
    2012-09-06 05:37 - 2012-09-06 05:37 - 00001383 ____A C:\Users\jhemp\Desktop\RKreport[2].txt
    2012-09-06 05:32 - 2012-09-06 05:32 - 00001349 ____A C:\Users\jhemp\Desktop\RKreport[1].txt
    2012-09-06 05:30 - 2012-09-06 05:36 - 00000000 ____D C:\Users\jhemp\Desktop\RK_Quarantine
    2012-09-06 05:30 - 2012-09-06 05:30 - 01378816 ____A C:\Users\jhemp\Downloads\RogueKiller.exe
    2012-09-05 05:52 - 2012-09-05 05:52 - 00005409 ____A C:\Users\jhemp\Desktop\Attach.txt
    2012-09-05 05:49 - 2012-09-05 05:49 - 00022149 ____A C:\Users\jhemp\Desktop\DDS.txt
    2012-09-05 05:44 - 2012-09-05 05:44 - 00607260 ____R (Swearware) C:\Users\jhemp\Downloads\dds.com
    2012-09-04 06:49 - 2012-09-04 06:49 - 00000000 ____D C:\Program Files (x86)\7-Zip
    2012-09-04 06:46 - 2012-09-04 06:46 - 01138397 ____A C:\Users\jhemp\Downloads\7z922.exe
    2012-09-04 06:34 - 2012-09-04 06:34 - 01517376 ____A C:\Users\jhemp\Downloads\wrar420.exe
    2012-09-03 14:46 - 2012-09-03 14:46 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 14:46 - 2012-09-03 14:46 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 14:46 - 2012-09-03 14:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-03 14:46 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-03 14:44 - 2012-09-03 14:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\jhemp\Downloads\mbam-setup-1.62.0.1300 (1).exe
    2012-09-03 14:36 - 2012-09-03 14:36 - 00001946 ____A C:\Users\jhemp\Desktop\aswMBR.txt
    2012-09-03 14:36 - 2012-09-03 14:36 - 00000512 ____A C:\Users\jhemp\Desktop\MBR.dat
    2012-09-03 13:55 - 2012-09-03 13:56 - 04731392 ____A (AVAST Software) C:\Users\jhemp\Downloads\aswMBR.exe
    2012-09-03 13:53 - 2012-09-03 13:53 - 00000449 ____A C:\Users\jhemp\Desktop\gmer.log
    2012-09-03 13:35 - 2012-09-03 13:35 - 00302592 ____A C:\Users\jhemp\Downloads\o771unu2.exe
    2012-09-03 13:28 - 2012-09-03 13:28 - 00302592 ____A C:\Users\jhemp\Downloads\swhjqrwl.exe
    2012-09-03 12:41 - 2012-09-03 12:41 - 00060255 ____A C:\Users\jhemp\Downloads\6668976F7F7B7437EE0853022394DC9DB1F7DB68.torrent
    2012-09-02 19:48 - 2012-09-02 19:48 - 00002536 ____A C:\Users\jhemp\Downloads\attachment
    2012-09-02 19:27 - 2012-09-02 21:27 - 00000000 ____D C:\Users\jhemp\Downloads\Men.In.Black.3.2012.DVDRip.XviD-DEPRiVED
    2012-09-02 17:54 - 2012-09-02 17:54 - 00035118 ____A C:\Users\jhemp\Downloads\Men.In.Black.3.2012.DVDRip.XviD-DEPRiVED.torrent
    2012-09-02 17:47 - 2012-09-02 17:47 - 00039816 ____A C:\Users\jhemp\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE.torrent
    2012-09-02 11:32 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-09-02 11:32 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-09-02 09:54 - 2012-09-02 09:54 - 00119736 ____A C:\Users\jhemp\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.720p.BluRay.X264-AMIABLE.torrent
    2012-09-01 11:16 - 2012-09-09 14:50 - 00005040 ____A C:\Windows\setupact.log
    2012-08-30 20:13 - 2012-09-02 17:48 - 00000000 ____D C:\Users\jhemp\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE
    2012-08-30 18:53 - 2012-08-30 18:53 - 00030200 ____A C:\Users\jhemp\Downloads\DD82212BDB0919625A3C5F160C27910C5B72D488.torrent
    2012-08-30 16:33 - 2012-09-01 11:10 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-08-30 16:33 - 2012-09-01 11:10 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
    2012-08-30 16:20 - 2012-08-30 16:27 - 48534720 ____A (Safer-Networking Ltd. ) C:\Users\jhemp\Downloads\spybotsd-2.0.9-rc1.exe
    2012-08-30 14:48 - 2012-08-30 14:48 - 00000000 ____D C:\Users\jhemp\Application Data\Malwarebytes
    2012-08-30 14:48 - 2012-08-30 14:48 - 00000000 ____D C:\Users\jhemp\AppData\Roaming\Malwarebytes
    2012-08-30 14:48 - 2012-08-30 14:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-30 14:48 - 2012-08-30 14:48 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-08-30 14:43 - 2012-08-30 14:43 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\jhemp\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-30 04:53 - 2012-08-30 04:54 - 32600440 ____A C:\Users\jhemp\Downloads\GraboidVideoSetup-3.26.exe
    2012-08-29 16:03 - 2012-08-29 16:15 - 00000000 ____D C:\Users\jhemp\Downloads\Storage.Wars.S03E19.HDTV.x264-EVOLVE
    2012-08-29 14:44 - 2012-08-29 14:44 - 00005703 ____A C:\Users\jhemp\Downloads\Storage.Wars.S03E19.HDTV.x264-EVOLVE.torrent
    2012-08-28 14:53 - 2012-08-28 14:55 - 00000000 ____D C:\Users\jhemp\Downloads\The.Twilight.Quadrilogy.720p.BRRip.XviD.AC3-UNDERCOVER
    2012-08-28 14:45 - 2012-08-28 14:45 - 00017386 ____A C:\Users\jhemp\Downloads\The.Twilight.Quadrilogy.720p.BRRip.XviD.AC3-UNDERCOVER.torrent
    2012-08-28 14:39 - 2012-08-28 14:39 - 00089848 ____A C:\Users\jhemp\Downloads\The.Lord.of.the.Rings.EXTENDED.AC3.720p.Triology.BRRip.XViD-RemixHD.torrent
    2012-08-28 13:03 - 2012-09-01 20:12 - 00002457 ____A C:\Users\jhemp\Desktop\Google Chrome.lnk
    2012-08-28 13:01 - 2012-09-09 15:06 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2641804929-3598768314-1187809908-1000UA.job
    2012-08-28 13:01 - 2012-09-09 13:06 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2641804929-3598768314-1187809908-1000Core.job
    2012-08-28 13:00 - 2012-08-28 13:01 - 00000000 ____D C:\Users\jhemp\Local Settings\Deployment
    2012-08-28 13:00 - 2012-08-28 13:01 - 00000000 ____D C:\Users\jhemp\Local Settings\Application Data\Deployment
    2012-08-28 13:00 - 2012-08-28 13:01 - 00000000 ____D C:\Users\jhemp\AppData\Local\Deployment
    2012-08-28 13:00 - 2012-08-28 13:00 - 00000000 ____D C:\Users\jhemp\AppData\Local\Apps\2.0
    2012-08-27 14:33 - 2012-08-27 14:39 - 00000000 ____D C:\Users\jhemp\Downloads\1,001 Facts that Will Scare the S#t Out of You The Ultimate Bathroom Reader
    2012-08-27 14:06 - 2012-08-27 14:46 - 657799332 ____A C:\Users\jhemp\Downloads\02 - Plyometric Cardio Circuit.avi
    2012-08-26 20:28 - 2012-08-26 21:13 - 00000000 ____D C:\Users\jhemp\Downloads\True.Blood.S05E12.480p.HDTV.x264-mSD
    2012-08-26 17:34 - 2012-08-26 17:36 - 00000000 ____D C:\Users\jhemp\Downloads\Dawn Of The Dead Unrated Directors Cut 2004 BRRip 1080p x264 AC3 - KiNGDOM
    2012-08-25 15:54 - 2012-08-25 17:02 - 00000000 ____D C:\Users\jhemp\Downloads\How.Its.Made.S18E10.HDTV.XviD-AFG
    2012-08-24 18:34 - 2012-08-24 19:31 - 00000000 ____D C:\Users\jhemp\Downloads\28.Days.Later.2002.1080p.Bluray.x264.anoXmous
    2012-08-24 18:34 - 2012-08-24 18:35 - 00000000 ____D C:\Users\jhemp\Downloads\Retreat[2011]BRRip XviD-ExtraTorrentRG
    2012-08-24 17:52 - 2012-08-25 06:56 - 00000000 ____D C:\Users\jhemp\Downloads\The Wire Season 1
    2012-08-24 17:33 - 2012-08-24 17:52 - 00000000 ____D C:\Users\jhemp\Downloads\Insomnia (2002)
    2012-08-24 14:30 - 2012-08-24 16:06 - 00000000 ____D C:\Users\jhemp\Downloads\The Five-Year Engagement.2012.Unrated.DVDRip.XviD.AbSurdiTy
    2012-08-24 10:28 - 2012-09-09 11:29 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\jhemp\Desktop\TDSSKiller.exe
    2012-08-23 19:12 - 2012-08-24 02:01 - 00000000 ____D C:\Users\jhemp\Downloads\The.Cold.Light.Of.Day.2012.720p.BluRay.x264-HAiDEAF
    2012-08-23 18:48 - 2012-08-24 10:56 - 00000000 ____D C:\Users\jhemp\Downloads\Four.Rooms.1995.iNTERNAL.BDRip.XviD-SHK
    2012-08-23 17:50 - 2012-08-23 17:50 - 00000000 ____D C:\Users\jhemp\Downloads\Trailer Park Boys The Countdown To Liquor Day (DL_King)
    2012-08-22 18:55 - 2012-08-22 22:01 - 00000000 ____D C:\Users\jhemp\Downloads\Touchback.2011.FESTiVAL.DVDRip.XViD-LEGEND.(UsaBit.com)
    2012-08-22 17:55 - 2012-08-22 18:21 - 00000000 ____D C:\Users\jhemp\Downloads\Storage.Wars.S03E18.480p.HDTV.x264-mSD
    2012-08-22 03:33 - 2012-08-22 04:26 - 00000000 ____D C:\Users\jhemp\Downloads\Supernatural.Activity.2012.DVDRiP.XviD-PSEUDO
    2012-08-21 18:53 - 2012-08-22 13:05 - 00000000 ____D C:\Users\jhemp\Downloads\Soldiers of Fortune 2012 720p BRRip x264-MgB
    2012-08-21 03:16 - 2012-08-21 06:08 - 00000000 ____D C:\Users\jhemp\Downloads\The Expendables 2010 BRRip 720p x264 DXVA-MXMG
    2012-08-21 03:14 - 2012-08-21 04:01 - 00000000 ____D C:\Users\jhemp\Downloads\[UsaBit.com] - Freelancers.2012.DVDRip.XviD-FiCO
    2012-08-21 03:14 - 2012-08-21 03:35 - 00000000 ____D C:\Users\jhemp\Downloads\Darkness 2002 720p BRRip x264-MgB
    2012-08-20 17:27 - 2012-08-20 17:37 - 00000000 ____D C:\Users\jhemp\Downloads\For The Love Of Money 2012 720p BRRip x264 vice
    2012-08-20 17:24 - 2012-08-20 20:30 - 00000000 ____D C:\Users\jhemp\Downloads\Tape 407 2012 720p BluRay x264-SAiMORNY [EtHD]
    2012-08-20 16:17 - 2012-08-20 16:23 - 00000000 ____D C:\Users\jhemp\Downloads\Headhunters.2011.English.DUBBED.BRRip.XviD-4PlayHD
    2012-08-20 15:41 - 2012-08-20 15:53 - 00000000 ____D C:\Users\jhemp\Downloads\This Means War (2012) DVDRip NL subs DutchReleaseTeam
    2012-08-20 14:14 - 2012-08-20 14:21 - 00000000 ____D C:\Users\jhemp\Downloads\45 Unbelievable Cityscapes HD Wallpapers Set 2~THR999~{HKRG}~
    2012-08-20 12:13 - 2012-08-20 13:27 - 00000000 ____D C:\Users\jhemp\Downloads\Winter's Bone 2010 1080p BDRip H264 AAC - KiNGDOM
    2012-08-19 18:38 - 2012-08-19 18:38 - 00000000 ____D C:\Users\jhemp\Downloads\True.Blood.S05E11.720p.HDTV.x264-EVOLVE [PublicHD]
    2012-08-19 14:22 - 2012-08-19 14:52 - 00000000 ____D C:\Users\jhemp\Downloads\Criminal.Minds.S07.HDTV.XviD-x264-TD
    2012-08-19 11:33 - 2012-08-19 12:07 - 00000000 ____D C:\Users\jhemp\Downloads\True Blood S05E07 HDTV x264-EVOLVE[ettv]
    2012-08-19 11:31 - 2012-08-19 12:22 - 00000000 ____D C:\Users\jhemp\Downloads\True Blood S05E06 HDTV x264-EVOLVE[ettv]
    2012-08-19 11:31 - 2012-08-19 11:32 - 00000000 ____D C:\Users\jhemp\Downloads\True.Blood.S05E05.HDTV.DivX-Atilla82
    2012-08-19 11:29 - 2012-08-19 12:14 - 00000000 ____D C:\Users\jhemp\Downloads\True.Blood.S05E04.HDTV.XviD-AFG
    2012-08-19 11:28 - 2012-08-19 11:55 - 00000000 ____D C:\Users\jhemp\Downloads\True.Blood.S05E03.HDTV.XviD-AFG
    2012-08-19 01:53 - 2012-08-19 02:02 - 00000000 ____D C:\Users\jhemp\Downloads\True.Blood.S05E02.HDTV.XviD-AFG
    2012-08-19 01:45 - 2012-08-19 01:45 - 00000000 ____D C:\Users\jhemp\Downloads\True.Blood.S05E01.HDTV.XviD-Atilla82
    2012-08-19 01:44 - 2012-08-19 01:45 - 00000000 ____D C:\Users\jhemp\Downloads\National.Treasure.Pack.720p.BRRip.x264-VoXHD
    2012-08-19 01:16 - 2012-08-19 01:19 - 00000000 ____D C:\Users\jhemp\Downloads\[ www.Torrenting.com ] - My.Week.With.Marilyn.2011.BRRip.XviD-BiDA
    2012-08-18 21:18 - 2012-08-18 21:42 - 00000000 ____D C:\Users\jhemp\Downloads\The.Raid.Redemption.2011.DUBBED.BRRip.XviD.Ac3.Feel-Free
    2012-08-18 21:08 - 2012-08-18 21:10 - 00000000 ____D C:\Users\jhemp\Downloads\ATM 2012 LIMITED 720p BluRay x264-AN0NYM0US [EtHD]
    2012-08-18 16:01 - 2012-08-18 16:36 - 00000000 ____D C:\Users\jhemp\Downloads\Gold.Rush.S02.Special.The.Jungle.720p.HDTV.x264-KILLERS
    2012-08-18 11:04 - 2012-08-18 12:00 - 00000000 ____D C:\Users\jhemp\Downloads\Dexter.S05.DVDRip.XviD-REWARD
    2012-08-18 10:50 - 2012-08-18 10:50 - 00000000 ____D C:\Users\jhemp\Downloads\The.Avengers.2012.DVDRip.XviD-NYDIC
    2012-08-17 17:33 - 2012-08-17 17:40 - 00000000 ____D C:\Users\jhemp\Downloads\The.Wire.S01-S05.DVDRip.XviD-TD
    2012-08-16 20:13 - 2012-08-16 22:21 - 00000000 ____D C:\Users\jhemp\Downloads\Oceans.Trilogy.720p.BRRip.AC3.XviD-SHiRK
    2012-08-16 16:35 - 2012-08-16 17:18 - 00000000 ____D C:\Users\jhemp\Downloads\The.Amazing.Spiderman.2012.TS.XViD.AC3.Hive-CM8
    2012-08-16 16:16 - 2012-08-16 16:16 - 00000000 ____D C:\Users\jhemp\Downloads\The Tall Man.2012.HDRip.XviD.AbSurdiTy
    2012-08-15 20:13 - 2012-08-16 03:52 - 00000000 ____D C:\Users\jhemp\Downloads\Dexter - Season 4 Complete - NXOR
    2012-08-15 20:08 - 2012-08-15 20:13 - 00000000 ____D C:\Users\jhemp\Downloads\Dexter.S06
    2012-08-15 19:11 - 2012-08-15 19:14 - 00000000 ____D C:\Users\jhemp\Downloads\The.Cabin.In.The.Woods.2012.HDRiP.XViD-PSEUDO
    2012-08-15 19:01 - 2012-08-15 19:01 - 00000000 ____D C:\Users\jhemp\Downloads\Kill.List.2011.LIMITED.DVDRip.XviD- RedBlade
    2012-08-15 00:01 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-15 00:01 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-15 00:01 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-15 00:01 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-15 00:01 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-15 00:01 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-15 00:01 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-15 00:01 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-15 00:01 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-15 00:01 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-15 00:01 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-15 00:01 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-15 00:01 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-15 00:01 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-15 00:01 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-15 00:01 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-15 00:01 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-15 00:01 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-15 00:01 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-15 00:01 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-15 00:01 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-15 00:01 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-15 00:01 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-15 00:01 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-15 00:01 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-15 00:01 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-15 00:01 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-15 00:01 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-14 18:12 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-14 18:12 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-14 18:12 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-14 18:12 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-14 18:12 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-08-14 18:12 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-08-14 18:12 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-14 18:12 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-14 18:12 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-08-14 18:12 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-14 18:12 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-14 18:12 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-08-14 18:12 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-08-14 08:18 - 2012-08-14 09:18 - 367053846 ____A C:\Users\jhemp\Downloads\Dexter.S02E03.HDTV.XviD-XOR.avi
    2012-08-14 06:42 - 2012-08-14 07:01 - 00000000 ____D C:\Users\jhemp\Downloads\I Melt with You (2011) BRRip Xvid AC3-Anarchy
    2012-08-13 11:20 - 2012-08-13 11:20 - 00000000 ____D C:\Users\jhemp\Downloads\Anne of Green Gables (1985) NL Subs DD5.1 Retail TBS
    2012-08-13 11:17 - 2012-08-13 12:16 - 00000000 ____D C:\Users\jhemp\Downloads\Dexter - Season 3 Complete - NXOR
    2012-08-13 02:10 - 2012-08-13 02:48 - 00000000 ____D C:\Users\jhemp\Downloads\Lions for Lambs-720p MP4 AAC BRRip 2007-CC
    2012-08-13 00:23 - 2012-08-13 00:30 - 00000000 ____D C:\Users\jhemp\Downloads\The Disappearance Of Alice Creed 2010 DVDRiP XViD-ViP3R
    2012-08-12 19:09 - 2012-08-12 19:11 - 00000000 ____D C:\Users\jhemp\Downloads\True.Blood.S05E10.HDTV.XviD-AFG
    2012-08-12 18:04 - 2012-08-12 18:11 - 00000000 ____D C:\Users\jhemp\Downloads\[ www.Torrentday.com ] - Animal.Kingdom[2010]DvDrip-aXXo
    2012-08-12 13:31 - 2012-08-12 13:37 - 00000000 ____D C:\Users\jhemp\Downloads\Six Feet Under - Season 1
    2012-08-11 12:36 - 2012-08-11 13:40 - 2018611650 ____A C:\Users\jhemp\Downloads\True.Blood.S05E08.720p.HDTV.x264-EVOLVE.mkv
    2012-08-11 12:28 - 2012-08-11 12:34 - 00000000 ____D C:\Users\jhemp\Downloads\Jace.Everett[Bad.Things]True.Blood.Theme.MP3-jandor2009
    2012-08-11 12:09 - 2012-08-11 12:26 - 00000000 ____D C:\Users\jhemp\Downloads\All Adam Lambert Idol Studio
    2012-08-11 11:13 - 2012-08-11 11:13 - 00000000 ____D C:\Users\jhemp\Downloads\The Town 2010 Extended Cut 720p BRRip x264-HDLiTE
    2012-08-11 08:37 - 2012-08-11 09:04 - 00000000 ____D C:\Users\jhemp\Downloads\The Bourne Trilogy 2002-2007 720p BRRIP Srkfan
    2012-08-11 08:28 - 2012-08-11 08:37 - 00000000 ____D C:\Users\jhemp\Downloads\Haywire 2011 1080p BluRay x264 (0.99GB) [Exclusive]~~~[CooL GuY] {{a2zRG}}
    2012-08-11 07:09 - 2012-08-11 07:12 - 00000000 ____D C:\Users\jhemp\Downloads\Martha.Marcy.May.Marlene.2011.LIMITED.BRRIP.X264.AC3.CrEwSaDe
    2012-08-10 04:28 - 2012-08-10 04:29 - 00000000 ____D C:\Users\jhemp\Downloads\Rampart.2011.LIMITED.BDRip.XviD-AMIABLE

    ==================== 3 Months Modified Files ================================

    2012-09-09 15:06 - 2012-08-28 13:01 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2641804929-3598768314-1187809908-1000UA.job
    2012-09-09 15:06 - 2012-04-27 14:30 - 01445955 ____A C:\Windows\WindowsUpdate.log
    2012-09-09 14:58 - 2012-09-09 14:58 - 01453141 ____A (Farbar) C:\Users\jhemp\Downloads\FRST64 (1).exe
    2012-09-09 14:58 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-09 14:58 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-09 14:57 - 2012-04-27 12:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-09 14:50 - 2012-09-01 11:16 - 00005040 ____A C:\Windows\setupact.log
    2012-09-09 14:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-09 14:24 - 2012-09-09 14:24 - 00035045 ____A C:\Users\jhemp\Downloads\FRST.txt
    2012-09-09 14:17 - 2012-09-09 14:17 - 01453141 ____A (Farbar) C:\Users\jhemp\Downloads\FRST64.exe
    2012-09-09 13:06 - 2012-08-28 13:01 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2641804929-3598768314-1187809908-1000Core.job
    2012-09-09 11:29 - 2012-08-24 10:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\jhemp\Desktop\TDSSKiller.exe
    2012-09-09 11:25 - 2012-09-09 11:25 - 02193184 ____A C:\Users\jhemp\Downloads\tdsskiller (1).zip
    2012-09-09 11:24 - 2012-09-09 11:24 - 02193184 ____A C:\Users\jhemp\Downloads\tdsskiller.zip
    2012-09-09 10:08 - 2012-09-09 10:08 - 00894952 ____A (Oracle Corporation) C:\Users\jhemp\Downloads\chromeinstall-7u7.exe
    2012-09-07 21:33 - 2012-09-07 21:33 - 00022951 ____A C:\ComboFix.txt
    2012-09-07 21:28 - 2009-07-13 18:34 - 59506688 ____A C:\Windows\System32\config\SOFTWARE.bak
    2012-09-07 21:28 - 2009-07-13 18:34 - 18874368 ____A C:\Windows\System32\config\SYSTEM.bak
    2012-09-07 21:28 - 2009-07-13 18:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
    2012-09-07 21:28 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
    2012-09-07 21:28 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
    2012-09-07 20:10 - 2012-09-07 20:10 - 00005162 ____A C:\Windows\SysWOW64\commonpriv.log
    2012-09-07 20:10 - 2012-09-07 20:10 - 00000000 ____A C:\Windows\SysWOW64\commonpriv.log.lock
    2012-09-07 20:09 - 2010-11-20 19:47 - 00026938 ____A C:\Windows\PFRO.log
    2012-09-07 19:47 - 2012-09-07 19:47 - 10901120 ____A (OPSWAT, Inc.) C:\Users\jhemp\Downloads\AppRemover (1).exe
    2012-09-07 18:58 - 2012-09-07 18:57 - 10901120 ____A (OPSWAT, Inc.) C:\Users\jhemp\Downloads\AppRemover.exe
    2012-09-07 18:28 - 2012-09-07 18:28 - 04749820 ____A (Swearware) C:\Users\jhemp\Downloads\ComboFix (1).exe
    2012-09-07 18:26 - 2012-09-07 18:26 - 04749820 ___RA (Swearware) C:\Users\jhemp\Downloads\ComboFix.exe
    2012-09-07 08:26 - 2012-09-07 08:26 - 00002536 ____A C:\Users\jhemp\Downloads\attachment (1)
    2012-09-06 05:37 - 2012-09-06 05:37 - 00001383 ____A C:\Users\jhemp\Desktop\RKreport[2].txt
    2012-09-06 05:32 - 2012-09-06 05:32 - 00001349 ____A C:\Users\jhemp\Desktop\RKreport[1].txt
    2012-09-06 05:30 - 2012-09-06 05:30 - 01378816 ____A C:\Users\jhemp\Downloads\RogueKiller.exe
    2012-09-05 05:52 - 2012-09-05 05:52 - 00005409 ____A C:\Users\jhemp\Desktop\Attach.txt
    2012-09-05 05:49 - 2012-09-05 05:49 - 00022149 ____A C:\Users\jhemp\Desktop\DDS.txt
    2012-09-05 05:44 - 2012-09-05 05:44 - 00607260 ____R (Swearware) C:\Users\jhemp\Downloads\dds.com
    2012-09-04 06:46 - 2012-09-04 06:46 - 01138397 ____A C:\Users\jhemp\Downloads\7z922.exe
    2012-09-04 06:34 - 2012-09-04 06:34 - 01517376 ____A C:\Users\jhemp\Downloads\wrar420.exe
    2012-09-03 14:46 - 2012-09-03 14:46 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 14:46 - 2012-09-03 14:46 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 14:44 - 2012-09-03 14:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\jhemp\Downloads\mbam-setup-1.62.0.1300 (1).exe
    2012-09-03 14:36 - 2012-09-03 14:36 - 00001946 ____A C:\Users\jhemp\Desktop\aswMBR.txt
    2012-09-03 14:36 - 2012-09-03 14:36 - 00000512 ____A C:\Users\jhemp\Desktop\MBR.dat
    2012-09-03 13:56 - 2012-09-03 13:55 - 04731392 ____A (AVAST Software) C:\Users\jhemp\Downloads\aswMBR.exe
    2012-09-03 13:53 - 2012-09-03 13:53 - 00000449 ____A C:\Users\jhemp\Desktop\gmer.log
    2012-09-03 13:35 - 2012-09-03 13:35 - 00302592 ____A C:\Users\jhemp\Downloads\o771unu2.exe
    2012-09-03 13:28 - 2012-09-03 13:28 - 00302592 ____A C:\Users\jhemp\Downloads\swhjqrwl.exe
    2012-09-03 12:41 - 2012-09-03 12:41 - 00060255 ____A C:\Users\jhemp\Downloads\6668976F7F7B7437EE0853022394DC9DB1F7DB68.torrent
    2012-09-03 10:00 - 2012-04-27 12:36 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-03 10:00 - 2012-04-27 12:36 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-02 19:48 - 2012-09-02 19:48 - 00002536 ____A C:\Users\jhemp\Downloads\attachment
    2012-09-02 17:54 - 2012-09-02 17:54 - 00035118 ____A C:\Users\jhemp\Downloads\Men.In.Black.3.2012.DVDRip.XviD-DEPRiVED.torrent
    2012-09-02 17:47 - 2012-09-02 17:47 - 00039816 ____A C:\Users\jhemp\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE.torrent
    2012-09-02 09:54 - 2012-09-02 09:54 - 00119736 ____A C:\Users\jhemp\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.720p.BluRay.X264-AMIABLE.torrent
    2012-09-01 20:12 - 2012-08-28 13:03 - 00002457 ____A C:\Users\jhemp\Desktop\Google Chrome.lnk
    2012-08-30 18:53 - 2012-08-30 18:53 - 00030200 ____A C:\Users\jhemp\Downloads\DD82212BDB0919625A3C5F160C27910C5B72D488.torrent
    2012-08-30 16:27 - 2012-08-30 16:20 - 48534720 ____A (Safer-Networking Ltd. ) C:\Users\jhemp\Downloads\spybotsd-2.0.9-rc1.exe
    2012-08-30 14:43 - 2012-08-30 14:43 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\jhemp\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-30 04:54 - 2012-08-30 04:53 - 32600440 ____A C:\Users\jhemp\Downloads\GraboidVideoSetup-3.26.exe
    2012-08-29 14:44 - 2012-08-29 14:44 - 00005703 ____A C:\Users\jhemp\Downloads\Storage.Wars.S03E19.HDTV.x264-EVOLVE.torrent
    2012-08-28 14:45 - 2012-08-28 14:45 - 00017386 ____A C:\Users\jhemp\Downloads\The.Twilight.Quadrilogy.720p.BRRip.XviD.AC3-UNDERCOVER.torrent
    2012-08-28 14:39 - 2012-08-28 14:39 - 00089848 ____A C:\Users\jhemp\Downloads\The.Lord.of.the.Rings.EXTENDED.AC3.720p.Triology.BRRip.XViD-RemixHD.torrent
    2012-08-27 14:46 - 2012-08-27 14:06 - 657799332 ____A C:\Users\jhemp\Downloads\02 - Plyometric Cardio Circuit.avi
    2012-08-25 11:57 - 2012-05-18 16:08 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-08-25 11:57 - 2012-05-18 16:08 - 00002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
    2012-08-15 00:20 - 2009-07-13 20:45 - 00319000 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-15 00:00 - 2012-05-19 11:22 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-14 09:18 - 2012-08-14 08:18 - 367053846 ____A C:\Users\jhemp\Downloads\Dexter.S02E03.HDTV.XviD-XOR.avi
    2012-08-11 13:40 - 2012-08-11 12:36 - 2018611650 ____A C:\Users\jhemp\Downloads\True.Blood.S05E08.720p.HDTV.x264-EVOLVE.mkv
    2012-07-28 18:39 - 2012-07-28 18:39 - 00000108 ____A C:\Users\jhemp\My Documents\1Click.cfg
    2012-07-28 18:39 - 2012-07-28 18:39 - 00000108 ____A C:\Users\jhemp\Documents\1Click.cfg
    2012-07-28 12:03 - 2012-07-28 12:03 - 00000949 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-07-28 12:03 - 2012-07-28 12:03 - 00000949 ____A C:\Users\All Users\Desktop\µTorrent.lnk
    2012-07-19 11:28 - 2012-04-27 12:50 - 00002822 ____A C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
    2012-07-19 11:28 - 2012-04-27 12:50 - 00002822 ____A C:\Users\All Users\Desktop\WildTangent Games App - dell.lnk
    2012-07-18 10:15 - 2012-08-14 18:12 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-04 14:16 - 2012-08-14 18:12 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-14 18:12 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-14 18:12 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-14 18:12 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-14 18:12 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-07-03 10:46 - 2012-09-03 14:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-30 00:07 - 2009-07-13 21:13 - 00792712 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-29 18:48 - 2012-06-29 18:47 - 03879304 ____A (AVG Technologies) C:\Users\jhemp\Downloads\avg_free_stb_all_2012_2180_cnet.exe
    2012-06-28 20:55 - 2012-08-15 00:01 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-15 00:01 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-15 00:01 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-15 00:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-15 00:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-15 00:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-15 00:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-15 00:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-15 00:01 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-15 00:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-15 00:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-15 00:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-15 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-15 00:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-15 00:01 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-15 00:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-15 00:01 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-15 00:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-15 00:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-15 00:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-15 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-15 00:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-15 00:01 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-15 00:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-15 00:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-15 00:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-15 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-15 00:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-02 11:32:54
    Restore point made on: 2012-09-02 16:10:26
    Restore point made on: 2012-09-03 07:24:20
    Restore point made on: 2012-09-03 22:39:20
    Restore point made on: 2012-09-06 01:35:44
    Restore point made on: 2012-09-06 13:22:48
    Restore point made on: 2012-09-07 21:02:16
    Restore point made on: 2012-09-07 21:02:52
    Restore point made on: 2012-09-08 01:50:49

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8174.64 MB
    Available physical RAM: 7398.91 MB
    Total Pagefile: 8172.84 MB
    Available Pagefile: 7390.39 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions ============================

    1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:549.11 GB) NTFS
    2 Drive d: (Sep 09 2012) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF
    3 Drive e: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 916 GB 14 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 E RECOVERY NTFS Partition 14 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 916 GB Healthy

    ==================================================================================

    Last Boot: 2012-09-05 21:57

    ==================== End Of Log =============================
     
  21. 2012/09/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    How is the computer doing?

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
