Solved: X5XSEx


ALZN
Member with 11 posts.
THREAD STARTER
Join Date: Dec 2012
02-Dec-2012, 03:37 PM #1
Operating System: Windows 7
Hello! I'm currently having a problem with the file 'X5XSEx' and I believe this is what's causing my computer to crash. In 'System Information' and under 'Problem Devices' it is listed:
PNP Device ID: ROOT\LEGECY_X5XSEX\0000
Error Code: This device is not present, is not working properly, or does not have all its drivers installed.
After finding the problem device, I went to Device Manager and selected 'Show hidden devices' under 'View'.
Afterward I scrolled down and found X5XSEx under 'Non-plug and Play Drivers'.
After clicking on it, the Manufacturer and Location are listed as 'Unknown' and under the device status it reads: "This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)"
I cannot start it up, nor is there any option to update it. How can this be fixed?
dvk01 (Derek)
dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,866 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
02-Dec-2012, 04:17 PM #2
That looks like Free Ride Games player junkware, that needs removing.

Follow advice here and post the logs those programs make.
ALZN
THREAD STARTER
02-Dec-2012, 04:48 PM #3
Log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:27:18 PM, on 12/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Users\melanie\AppData\Local\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe
C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1881\Blizzard Launcher.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=dow...E&cr=410356994
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=dow...E&cr=410356994
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
R3 - URLSearchHook: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FreeSoundRecorder - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120825210702.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: YouTube to MP3 Converter - {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Users\melanie\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
O3 - Toolbar: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2002660311-1004659573-2410536576-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2002660311-1004659573-2410536576-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Intel(R) Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/soft...02/CTSUEng.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Qualcomm Gobi 2000 Download Service (Dell) (QDLService2kDell) - QUALCOMM, Inc. - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19570 bytes


Will post other logs soon.
ALZN
THREAD STARTER
02-Dec-2012, 04:50 PM #4
DDS Logs
Log One:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by melanie at 16:48:10 on 2012-12-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5427 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Users\melanie\AppData\Local\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe
C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Users\melanie\AppData\Local\Apps\2.0\7XXME804.RG2\V0J9ECX9.3VE\curs..tion_9e9e83ddf3ed3ead_0005.0001_dafeadaaa30c70ac\CurseClient.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\melanie\AppData\Local\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1881\Blizzard Launcher.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0F yByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0F yByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
uURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
mURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120825210702.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: YouTube to MP3 Converter: {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Users\melanie\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
TB: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Akamai NetSession Interface] "C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\melanie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6EBA2D7E-92A1-4CF8-9921-9AB14D350156} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6EBA2D7E-92A1-4CF8-9921-9AB14D350156}\2375942554832373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6EBA2D7E-92A1-4CF8-9921-9AB14D350156}\36F6374716 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6EBA2D7E-92A1-4CF8-9921-9AB14D350156}\46C696E6B6 : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120626203838.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
FF - prefs.js: keyword.URL -
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\melanie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-14 21:00; crossriderapp4493@crossrider.com; C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\crossriderapp4493@crossrider.com
FF - ExtSQL: 2012-11-14 21:01; {32b29df0-2237-4370-9a29-37cebb730e9b}; C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
FF - ExtSQL: 2012-11-15 20:16; ffxtlbr@funmoods.com; C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\ffxtlbr@funmoods.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994&q=
FF - user.js: extensions.funmoods.id - 848F69C47514F752
FF - user.js: extensions.funmoods.instlDay - 15658
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:59:59
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 335784]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-21 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-1-21 21616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-14 283200]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-10-8 284008]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-1-21 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-1-21 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-1-21 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-1-21 177144]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-6-25 331512]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-21 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-2 6583160]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-27 3027840]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-2 528760]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-21 2656280]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-1-21 27760]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 69672]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-1-21 176096]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 513456]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-1-21 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-1-21 181760]
R3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);C:\Windows\System32\drivers\qcfilterdl2k.sys [2012-1-21 6400]
R3 qcusbnetdl2k;Gobi 2000 USB-NDIS miniport(413C-8186);C:\Windows\System32\drivers\qcusbnetdl2k.sys [2012-1-21 443392]
R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);C:\Windows\System32\drivers\qcusbserdl2k.sys [2012-1-21 230784]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2012-1-21 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-21 428136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-26 196440]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-1-21 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-1-21 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 106112]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-1-21 121960]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-27 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-02 20:15:32 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1404B5CF-D426-4D05-AF28-E03D8982F8C3}\offreg.dll
2012-12-02 19:13:32 -------- d-----w- C:\Program Files (x86)\Advanced Fix 2012
2012-12-02 19:09:06 -------- d-----w- C:\Users\melanie\AppData\Local\Avg2013
2012-12-02 19:01:03 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2012-12-02 18:49:27 -------- d-----w- C:\Program Files (x86)\RegistryNuke 2012
2012-12-02 15:59:22 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-02 15:59:22 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-02 01:31:51 35192 ----a-w- C:\Windows\System32\TURegOpt.exe
2012-12-02 01:31:51 26488 ----a-w- C:\Windows\System32\authuitu.dll
2012-12-02 01:31:50 21880 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-12-02 01:31:17 -------- d-----w- C:\Users\melanie\AppData\Roaming\AVG
2012-12-02 01:30:05 -------- d-----w- C:\ProgramData\AVG
2012-12-02 01:29:46 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-12-01 23:34:17 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2012-12-01 22:38:09 -------- d-----w- C:\Users\melanie\AppData\Roaming\TuneUp Software
2012-12-01 22:36:34 -------- d-----w- C:\Program Files (x86)\AVG
2012-12-01 21:30:48 -------- d-----w- C:\Users\melanie\AppData\Local\MFAData
2012-12-01 21:30:48 -------- d-----w- C:\ProgramData\MFAData
2012-12-01 20:49:46 144896 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
2012-12-01 20:49:42 104448 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
2012-12-01 16:15:47 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-01 16:15:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-01 16:11:28 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-11-30 20:13:38 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1404B5CF-D426-4D05-AF28-E03D8982F8C3}\mpengine.dll
2012-11-24 15:03:52 -------- d-----w- C:\Users\melanie\AppData\Roaming\Auslogics
2012-11-24 15:02:57 -------- d-----w- C:\Program Files (x86)\Auslogics
2012-11-19 19:54:29 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-19 19:54:29 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-19 19:54:29 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-19 19:54:29 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-18 15:47:05 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-18 15:47:05 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-18 15:47:04 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-18 15:47:04 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-18 15:47:04 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-18 15:47:04 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-18 15:47:04 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 02:01:23 -------- d-----w- C:\Program Files (x86)\FreeSoundRecorder
2012-11-15 02:01:19 -------- d-----w- C:\Users\melanie\AppData\Roaming\Free Sound Recorder
2012-11-15 02:01:15 602112 ----a-w- C:\Windows\SysWow64\NCTAudioTransform2.dll
2012-11-15 02:01:15 479232 ----a-w- C:\Windows\SysWow64\NCTAudioVisualization2.dll
2012-11-15 02:01:15 417792 ----a-w- C:\Windows\SysWow64\NCTTextToAudio2.dll
2012-11-15 02:01:15 348160 ----a-w- C:\Windows\SysWow64\NCTWMAFile2.dll
2012-11-15 02:01:14 880640 ----a-w- C:\Windows\SysWow64\NCTAudioEditor2.dll
2012-11-15 02:01:14 835584 ----a-w- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll
2012-11-15 02:01:14 458752 ----a-w- C:\Windows\SysWow64\NCTAudioRecord2.dll
2012-11-15 02:01:14 458752 ----a-w- C:\Windows\SysWow64\NCTAudioPlayer2.dll
2012-11-15 02:01:14 1986560 ----a-w- C:\Windows\SysWow64\NCTAudioFile2.dll
2012-11-15 02:01:14 1212416 ----a-w- C:\Windows\SysWow64\NCTAudioInformation2.dll
2012-11-15 02:01:14 -------- d-----w- C:\Program Files (x86)\Free Sound Recorder
2012-11-12 01:36:07 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-11-12 01:34:07 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2012-11-12 01:33:10 -------- d-----w- C:\Program Files (x86)\HP
2012-11-12 01:32:06 -------- d-----w- C:\Program Files\HP
.
==================== Find3M ====================
.
2012-12-01 16:15:34 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-22 22:39:58 12887552 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-10-22 22:39:56 10674176 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-10-22 22:39:54 5903392 ----a-w- C:\Windows\System32\GfxUI.exe
2012-10-22 22:39:54 399392 ----a-w- C:\Windows\System32\hkcmd.exe
2012-10-22 22:39:54 173568 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-10-22 22:39:54 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-10-22 22:39:50 185376 ----a-w- C:\Windows\System32\difx64.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 21:08:26 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 866664 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 55144 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 16:48:46.14 ===============

Log Two:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/25/2012 11:51:45 AM
System Uptime: 12/2/2012 2:21:55 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0NJT03
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 679 GiB total, 414.392 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: X5XSEx
Device ID: ROOT\LEGACY_X5XSEX\0000
Manufacturer:
Name: X5XSEx
PNP Device ID: ROOT\LEGACY_X5XSEX\0000
Service: X5XSEx
.
==== System Restore Points ===================
.
RP181: 11/27/2012 11:13:02 AM - Windows Update
RP182: 11/28/2012 7:01:45 PM - Windows Update
RP183: 12/1/2012 11:14:18 AM - Installed Java 7 Update 9
RP184: 12/1/2012 5:35:32 PM - Installed AVG 2013
RP185: 12/1/2012 5:36:55 PM - Installed AVG 2013
RP186: 12/1/2012 8:30:14 PM - Installed AVG PC TuneUp
RP187: 12/2/2012 8:31:35 AM - Removed eBay
RP188: 12/2/2012 1:54:24 PM - Removed Steam
RP189: 12/2/2012 2:07:49 PM - Removed AVG 2013
RP190: 12/2/2012 2:09:08 PM - Removed AVG 2013
.
==== Installed Programs ======================
.
µTorrent
AccelerometerP11
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.4) MUI
Advanced Audio FX Engine
Akamai NetSession Interface
Amazon Kindle
Amnesia - The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics BoostSpeed
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
Avid Studio
Bamboo
Bamboo Dock
Blio
Bonjour
Cozi
Curse Client
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Digital Delivery
Dell Edoc Viewer
Dell Getting Started Guide
Dell Mobile Broadband Utility
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
eBay
Eusing Free Registry Cleaner
Free Sound Recorder v9.3.1
FreeSoundRecorder Toolbar
Google Chrome
High-Definition Video Playback
InstallVC90Support
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) Turbo Boost Technology Monitor 2.0
Intel(R) WiDi
iTunes
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 1 (64-bit)
Junk Mail filter update
McAfee SecurityCenter
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Pando Media Booster
PDF Settings CS5
PhotoShowExpress
Pinnacle Video Driver
PlayReady PC Runtime x86
Portal 1 version 1.0
Qualcomm Gobi 2000 Package for Dell
Quickset64
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Shared C Run-time for x64
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Synaptics Pointing Device Driver
SyncUP
System Requirements Lab CYRI
TeamViewer 7
The Sims 3 Ultimate Bundle
The Sims™ 3
The Sims™ 3 Generations
The Sims™ 3 Master Suite Stuff
The Sims™ 3 Pets
The Sims™ 3 Town Life Stuff
TrustedID
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Ventrilo Client
Visual Studio 2010 x64 Redistributables
VOCALOID Expression DB (Leon)
VOCALOID Expression DB (Standard)
VOCALOID Voice DB (Leon)
WebTablet FB Plugin
WebTablet IE Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (32-bit)
World of Warcraft
YouTube to MP3 Converter
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
12/2/2012 9:33:19 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/2/2012 4:45:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
12/2/2012 3:35:18 PM, Error: Service Control Manager [7000] - The X5XSEx service failed to start due to the following error: The system cannot find the path specified.
12/2/2012 2:29:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
12/2/2012 2:25:01 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
12/2/2012 12:01:11 PM, Error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
12/2/2012 12:00:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff8880aa8fff8, 0x0000000000000002, 0x0000000000000001, 0xfffff8800f415046). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120212-34725-01.
12/2/2012 11:35:29 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
12/2/2012 1:39:45 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
12/1/2012 5:32:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff8882328fff8, 0x0000000000000002, 0x0000000000000001, 0xfffff8800f398046). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120112-20373-01.
12/1/2012 4:26:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff8880ab7fff8, 0x0000000000000002, 0x0000000000000001, 0xfffff8800f556046). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120112-21855-01.
11/30/2012 6:17:33 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/30/2012 5:55:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800d9fe4e0, 0xfffff8800f4568f4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 113012-17784-01.
11/29/2012 3:02:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8009531a10, 0xfffff80000b9c3d8, 0xfffffa80078f8e10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112912-20482-01.
11/28/2012 7:02:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
11/28/2012 5:39:11 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "5" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
11/27/2012 4:04:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000117 (0xfffffa800cf4a120, 0xfffff8800f3968f4, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\112712-15537-01.dmp. Report Id: 112712-15537-01.
11/25/2012 6:50:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
dvk01 (Derek)
02-Dec-2012, 05:07 PM #5
first
Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click delete.
  • When the scan has finished, a notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[S1].txt.
ALZN
02-Dec-2012, 05:25 PM #6
File Contents from AdwCleaner:
# AdwCleaner v2.011 - Logfile created 12/02/2012 at 17:18:49
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : melanie - MELANIE-PC
# Boot Mode : Normal
# Running from : C:\Users\melanie\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\Users\melanie\AppData\Local\funmoods.crx
File Deleted : C:\Users\melanie\AppData\Local\funmoods-speeddial_sf.crx
File Deleted : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\searchplugins\funmoods.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FreeSoundRecorder
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\melanie\AppData\Local\Babylon
Folder Deleted : C:\Users\melanie\AppData\Local\Conduit
Folder Deleted : C:\Users\melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\melanie\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\melanie\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\melanie\AppData\Local\Temp\CT2704262
Folder Deleted : C:\Users\melanie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\melanie\AppData\LocalLow\FreeSoundRecorder
Folder Deleted : C:\Users\melanie\AppData\Roaming\Babylon
Folder Deleted : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\CT2704262
Folder Deleted : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
Folder Deleted : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\FreeSoundRecorder
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FreeSoundRecorder
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E72EB3-4FBF-4944-8C25-8A54C9DEE378}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C76877FE-6708-4501-BF23-8301ED363C99}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoundRecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKU\S-1-5-21-2002660311-1004659573-2410536576-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKU\S-1-5-21-2002660311-1004659573-2410536576-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\prefs.js

C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\user.js ... Deleted !

-\\ Google Chrome v23.0.1271.95

File : C:\Users\melanie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [19955 octets] - [02/12/2012 17:18:49]

########## EOF - C:\AdwCleaner[S2].txt - [20016 octets] ##########
dvk01 (Derek)
02-Dec-2012, 05:46 PM #7
next

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after combofix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
ALZN
02-Dec-2012, 07:16 PM #8
ComboFix 12-12-02.01 - melanie 12/02/2012 19:03:43.1.8 - x64
Running from: c:\users\melanie\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\111e1115-314f-4404-be4a-ad58e8e2423d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1b075935-6b9c-41c2-8914-643bfe886db8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\21eb1c2f-b0d8-40e6-96dd-163437759b68.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2f733848-355c-4a6f-89a5-08a4dcc89c5c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\35445406-e7ed-4a0e-9922-45505e71594b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\358ba71b-117f-40d5-95aa-57de622719b7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3d656744-60b2-4576-8124-a39729f8b522.dll
c:\programdata\PCDr\6032\AddOnDownloaded\406007ac-5ba8-43e6-97b6-0c6ed58bb6e8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\489f121a-4538-4839-9d1d-3c48e590be59.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4cfdf1e7-d0b2-449c-bd2d-084cd975e5d8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4f64943e-d62a-4f2e-a3cd-98fb91e30469.dll
c:\programdata\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7119bf4b-d404-4b31-8779-44fac71761fa.dll
c:\programdata\PCDr\6032\AddOnDownloaded\72f0dc20-5af7-4221-9657-442597ce030b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\73a14ca6-4567-413f-a60f-d04159cb72eb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\75c8751b-fcad-4846-80ce-3a2efec60612.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7779c9df-2dc0-4fd5-92bb-c64027285f8b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8a7e779d-1e14-4f91-a1b0-82dc746441b1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9881c561-a45a-4c53-9d45-de93a99e2898.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cb7af81b-44d9-4f99-b223-18a71e8c85b6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d3ef65ec-842a-4640-b428-aca2f4a966e6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d78fa15b-2d61-4303-adaa-edec9ebbb2b3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e16f2788-babe-4a60-93d0-d507a5228753.dll
c:\programdata\Roaming
Y:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-02 23:55 . 2012-12-02 23:55 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1404B5CF-D426-4D05-AF28-E03D8982F8C3}\offreg.dll
2012-12-02 19:13 . 2012-12-02 21:18 -------- d-----w- c:\program files (x86)\Advanced Fix 2012
2012-12-02 19:09 . 2012-12-02 19:09 -------- d-----w- c:\users\melanie\AppData\Local\Avg2013
2012-12-02 19:01 . 2012-12-02 22:38 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-12-02 18:49 . 2012-12-02 18:53 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
2012-12-02 15:59 . 2012-12-02 15:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-02 15:59 . 2012-12-02 15:59 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-02 01:31 . 2012-12-02 01:31 -------- d-----w- c:\users\melanie\AppData\Roaming\AVG
2012-12-02 01:30 . 2012-12-02 01:31 -------- d-----w- c:\programdata\AVG
2012-12-02 01:29 . 2012-12-02 01:29 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-12-01 23:34 . 2012-12-02 17:48 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-12-01 22:38 . 2012-12-01 22:38 -------- d-----w- c:\users\melanie\AppData\Roaming\TuneUp Software
2012-12-01 21:30 . 2012-12-02 19:10 -------- d-----w- c:\programdata\MFAData
2012-12-01 21:30 . 2012-12-01 21:30 -------- d-----w- c:\users\melanie\AppData\Local\MFAData
2012-12-01 20:49 . 2012-05-15 12:13 144896 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2012-12-01 20:49 . 2012-05-15 11:20 104448 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2012-12-01 17:43 . 2012-12-01 17:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-01 16:15 . 2012-12-01 16:15 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-01 16:15 . 2012-12-01 16:15 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-01 16:11 . 2012-12-01 16:11 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-12-01 16:11 . 2012-12-01 16:11 -------- d-----w- c:\users\melanie\AppData\Roaming\SystemRequirementsLab
2012-11-30 20:13 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1404B5CF-D426-4D05-AF28-E03D8982F8C3}\mpengine.dll
2012-11-24 15:03 . 2012-11-24 15:08 -------- d-----w- c:\users\melanie\AppData\Roaming\Auslogics
2012-11-24 15:02 . 2012-12-03 00:02 -------- d-----w- c:\program files (x86)\Auslogics
2012-11-19 19:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 19:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 19:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-19 19:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-18 15:47 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-18 15:47 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-18 15:47 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-18 15:47 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-18 15:47 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-18 15:47 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-18 15:47 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 02:01 . 2012-11-15 02:05 -------- d-----w- c:\users\melanie\AppData\Roaming\Free Sound Recorder
2012-11-15 02:01 . 2005-04-04 22:21 602112 ----a-w- c:\windows\SysWow64\NCTAudioTransform2.dll
2012-11-15 02:01 . 2005-03-28 20:54 479232 ----a-w- c:\windows\SysWow64\NCTAudioVisualization2.dll
2012-11-15 02:01 . 2005-03-28 20:52 417792 ----a-w- c:\windows\SysWow64\NCTTextToAudio2.dll
2012-11-15 02:01 . 2005-02-24 16:51 348160 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
2012-11-15 02:01 . 2012-11-15 02:01 -------- d-----w- c:\program files (x86)\Free Sound Recorder
2012-11-15 02:01 . 2005-05-18 16:52 1212416 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2012-11-15 02:01 . 2005-05-17 17:37 1986560 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2012-11-15 02:01 . 2005-04-25 18:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
2012-11-15 02:01 . 2005-04-25 18:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll
2012-11-15 02:01 . 2005-04-15 17:08 880640 ----a-w- c:\windows\SysWow64\NCTAudioEditor2.dll
2012-11-15 02:01 . 2004-11-04 18:31 835584 ----a-w- c:\windows\SysWow64\NCTAudioCDGrabber2.dll
2012-11-12 01:36 . 2012-11-12 01:36 -------- d-----w- c:\users\melanie\AppData\Roaming\Yahoo!
2012-11-12 01:36 . 2012-11-12 01:36 -------- d-----w- c:\programdata\Yahoo! Companion
2012-11-12 01:36 . 2012-11-12 16:53 -------- d-----w- c:\program files (x86)\Yahoo!
2012-11-12 01:34 . 2012-11-12 01:34 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-11-12 01:33 . 2012-11-12 16:53 -------- d-----w- c:\program files (x86)\HP
2012-11-12 01:32 . 2012-11-12 01:32 -------- d-----w- c:\program files\HP
2012-11-12 01:30 . 2012-11-12 16:53 -------- d-----w- c:\programdata\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-01 16:15 . 2012-01-21 15:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-18 15:47 . 2012-01-28 14:16 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-22 22:40 . 2012-10-22 22:40 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-10-22 22:40 . 2012-10-22 22:40 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-10-22 22:40 . 2012-10-22 22:40 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-10-22 22:40 . 2012-10-22 22:40 513056 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-10-22 22:40 . 2012-10-22 22:40 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-10-22 22:40 . 2012-10-22 22:40 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-10-22 22:40 . 2012-10-22 22:40 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-10-22 22:40 . 2012-10-22 22:40 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-10-22 22:40 . 2012-10-22 22:40 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-10-22 22:40 . 2012-10-22 22:40 272928 ----a-w- c:\windows\system32\igvpkrng600.bin
2012-10-22 22:40 . 2012-10-22 22:40 216064 ----a-w- c:\windows\system32\iglhcp64.dll
2012-10-22 22:40 . 2012-10-22 22:40 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-10-22 22:40 . 2012-10-22 22:40 171040 ----a-w- c:\windows\system32\igfxtray.exe
2012-10-22 22:40 . 2012-10-22 22:40 116224 ----a-w- c:\windows\system32\igfxCoIn_v2875.dll
2012-10-22 22:40 . 2012-01-21 16:29 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-10-22 22:40 . 2012-10-22 22:40 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-10-22 22:40 . 2012-10-22 22:40 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-10-22 22:40 . 2012-10-22 22:40 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-10-22 22:40 . 2012-10-22 22:40 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-10-22 22:40 . 2012-10-22 22:40 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-10-22 22:40 . 2012-10-22 22:40 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-10-22 22:40 . 2012-10-22 22:40 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-10-22 22:40 . 2012-01-21 16:29 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-10-22 22:40 . 2012-10-22 22:40 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-10-22 22:40 . 2012-10-22 22:40 640512 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-10-22 22:40 . 2012-10-22 22:40 518656 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-10-22 22:40 . 2012-10-22 22:40 441888 ----a-w- c:\windows\system32\igfxpers.exe
2012-10-22 22:40 . 2012-10-22 22:40 441344 ----a-w- c:\windows\system32\igfxdev.dll
2012-10-22 22:40 . 2012-10-22 22:40 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-10-22 22:40 . 2012-10-22 22:40 384512 ----a-w- c:\windows\system32\igfxpph.dll
2012-10-22 22:40 . 2012-10-22 22:40 3510784 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-10-22 22:40 . 2012-10-22 22:40 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-10-22 22:40 . 2012-10-22 22:40 252448 ----a-w- c:\windows\system32\igfxext.exe
2012-10-22 22:40 . 2012-10-22 22:40 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-10-22 22:40 . 2012-10-22 22:40 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-10-22 22:40 . 2012-10-22 22:40 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-10-22 22:40 . 2012-01-21 16:29 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-10-22 22:40 . 2012-10-22 22:40 483840 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2012-10-22 22:40 . 2012-10-22 22:40 459264 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2012-10-22 22:40 . 2012-10-22 22:40 3121152 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-10-22 22:40 . 2012-01-21 16:29 12615168 ----a-w- c:\windows\system32\igdumd64.dll
2012-10-22 22:40 . 2012-01-21 16:29 11049472 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-10-22 22:40 . 2012-10-22 22:40 5332896 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-10-22 22:40 . 2012-10-22 22:40 80384 ----a-w- c:\windows\system32\igdde64.dll
2012-10-22 22:40 . 2012-10-22 22:40 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-10-22 22:40 . 2012-01-21 16:29 12854272 ----a-w- c:\windows\system32\igd10umd64.dll
2012-10-22 22:40 . 2012-01-21 16:29 11171840 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-10-22 22:40 . 2012-10-22 22:40 963452 ----a-w- c:\windows\system32\igcodeckrng600.bin
2012-10-22 22:39 . 2012-10-22 22:39 12887552 ----a-w- c:\windows\system32\ig4icd64.dll
2012-10-22 22:39 . 2012-10-22 22:39 10674176 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-10-22 22:39 . 2012-10-22 22:39 5903392 ----a-w- c:\windows\system32\GfxUI.exe
2012-10-22 22:39 . 2012-10-22 22:39 399392 ----a-w- c:\windows\system32\hkcmd.exe
2012-10-22 22:39 . 2012-10-22 22:39 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-10-22 22:39 . 2012-01-21 16:29 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-10-22 22:39 . 2012-10-22 22:39 185376 ----a-w- c:\windows\system32\difx64.exe
2012-10-16 08:38 . 2012-11-28 20:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 20:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 20:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 21:08 . 2012-10-08 21:08 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-08 16:42 . 2012-10-08 16:42 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-08 16:42 . 2012-01-21 16:29 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-08 16:42 . 2012-10-08 16:42 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-08 16:42 . 2012-10-08 16:42 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-08 16:42 . 2012-01-21 16:29 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-08 16:42 . 2012-10-08 16:42 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-08 16:42 . 2012-01-21 16:29 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-08 16:42 . 2012-01-21 16:29 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-08 16:42 . 2012-10-08 16:42 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-08 16:42 . 2012-10-08 16:42 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-08 16:42 . 2012-10-08 16:42 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-10-08 16:42 . 2012-10-08 16:42 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-08 16:42 . 2012-10-08 16:42 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-08 16:42 . 2012-10-08 16:42 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-08 16:42 . 2012-01-21 16:29 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-08 16:42 . 2012-10-08 16:42 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-08 16:42 . 2012-10-08 16:42 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-08 16:42 . 2012-10-08 16:42 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-08 16:42 . 2012-01-21 16:29 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-08 16:42 . 2012-10-08 16:42 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-08 16:42 . 2012-01-21 16:29 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-08 16:42 . 2012-10-08 16:42 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E71596B0-A83B-453D-82C1-4BE99947C65F}]
2012-03-23 08:13 107328 ----a-w- c:\users\melanie\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Akamai NetSession Interface"="c:\users\melanie\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2010-12-12 121960]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-27 1255736]
R3 X6va005;X6va005;c:\users\melanie\AppData\Local\Temp\005D90F.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-14 283200]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-08 284008]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-06-25 331512]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\DRIVERS\qcfilterdl2k.sys [2010-08-25 6400]
S3 qcusbnetdl2k;Gobi 2000 USB-NDIS miniport(413C-8186);c:\windows\system32\DRIVERS\qcusbnetdl2k.sys [2010-08-25 443392]
S3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\DRIVERS\qcusbserdl2k.sys [2010-08-25 230784]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TuneUpUtilitiesDrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-02 15:59]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002660311-1004659573-2410536576-1001Core.job
- c:\users\melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-25 20:45]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002660311-1004659573-2410536576-1001UA.job
- c:\users\melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-25 20:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-22 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-22 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-22 441888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
Completion time: 2012-12-02 19:13:57
ComboFix-quarantined-files.txt 2012-12-03 00:13
.
Pre-Run: 446,233,264,128 bytes free
Post-Run: 446,182,932,480 bytes free
.
- - End Of File - - 1750BBB00FA21EC0723F1F4BF39DE8CA
ALZN ALZN is offline
Member with 11 posts.
THREAD STARTER
 
Join Date: Dec 2012
02-Dec-2012, 08:05 PM #9
ComboFix 12-12-02.01 - melanie 12/02/2012 19:03:43.1.8 - x64
Running from: c:\users\melanie\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\111e1115-314f-4404-be4a-ad58e8e2423d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1b075935-6b9c-41c2-8914-643bfe886db8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\21eb1c2f-b0d8-40e6-96dd-163437759b68.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2f733848-355c-4a6f-89a5-08a4dcc89c5c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\35445406-e7ed-4a0e-9922-45505e71594b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\358ba71b-117f-40d5-95aa-57de622719b7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3d656744-60b2-4576-8124-a39729f8b522.dll
c:\programdata\PCDr\6032\AddOnDownloaded\406007ac-5ba8-43e6-97b6-0c6ed58bb6e8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\489f121a-4538-4839-9d1d-3c48e590be59.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4cfdf1e7-d0b2-449c-bd2d-084cd975e5d8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4f64943e-d62a-4f2e-a3cd-98fb91e30469.dll
c:\programdata\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7119bf4b-d404-4b31-8779-44fac71761fa.dll
c:\programdata\PCDr\6032\AddOnDownloaded\72f0dc20-5af7-4221-9657-442597ce030b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\73a14ca6-4567-413f-a60f-d04159cb72eb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\75c8751b-fcad-4846-80ce-3a2efec60612.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7779c9df-2dc0-4fd5-92bb-c64027285f8b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8a7e779d-1e14-4f91-a1b0-82dc746441b1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9881c561-a45a-4c53-9d45-de93a99e2898.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cb7af81b-44d9-4f99-b223-18a71e8c85b6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d3ef65ec-842a-4640-b428-aca2f4a966e6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d78fa15b-2d61-4303-adaa-edec9ebbb2b3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e16f2788-babe-4a60-93d0-d507a5228753.dll
c:\programdata\Roaming
Y:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-02 23:55 . 2012-12-02 23:55 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1404B5CF-D426-4D05-AF28-E03D8982F8C3}\offreg.dll
2012-12-02 19:13 . 2012-12-02 21:18 -------- d-----w- c:\program files (x86)\Advanced Fix 2012
2012-12-02 19:09 . 2012-12-02 19:09 -------- d-----w- c:\users\melanie\AppData\Local\Avg2013
2012-12-02 19:01 . 2012-12-02 22:38 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-12-02 18:49 . 2012-12-02 18:53 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
2012-12-02 15:59 . 2012-12-02 15:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-02 15:59 . 2012-12-02 15:59 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-02 01:31 . 2012-12-02 01:31 -------- d-----w- c:\users\melanie\AppData\Roaming\AVG
2012-12-02 01:30 . 2012-12-02 01:31 -------- d-----w- c:\programdata\AVG
2012-12-02 01:29 . 2012-12-02 01:29 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-12-01 23:34 . 2012-12-02 17:48 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-12-01 22:38 . 2012-12-01 22:38 -------- d-----w- c:\users\melanie\AppData\Roaming\TuneUp Software
2012-12-01 21:30 . 2012-12-02 19:10 -------- d-----w- c:\programdata\MFAData
2012-12-01 21:30 . 2012-12-01 21:30 -------- d-----w- c:\users\melanie\AppData\Local\MFAData
2012-12-01 20:49 . 2012-05-15 12:13 144896 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2012-12-01 20:49 . 2012-05-15 11:20 104448 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2012-12-01 17:43 . 2012-12-01 17:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-01 16:15 . 2012-12-01 16:15 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-01 16:15 . 2012-12-01 16:15 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-01 16:11 . 2012-12-01 16:11 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-12-01 16:11 . 2012-12-01 16:11 -------- d-----w- c:\users\melanie\AppData\Roaming\SystemRequirementsLab
2012-11-30 20:13 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1404B5CF-D426-4D05-AF28-E03D8982F8C3}\mpengine.dll
2012-11-24 15:03 . 2012-11-24 15:08 -------- d-----w- c:\users\melanie\AppData\Roaming\Auslogics
2012-11-24 15:02 . 2012-12-03 00:02 -------- d-----w- c:\program files (x86)\Auslogics
2012-11-19 19:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 19:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 19:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-19 19:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-18 15:47 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-18 15:47 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-18 15:47 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-18 15:47 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-18 15:47 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-18 15:47 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-18 15:47 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 02:01 . 2012-11-15 02:05 -------- d-----w- c:\users\melanie\AppData\Roaming\Free Sound Recorder
2012-11-15 02:01 . 2005-04-04 22:21 602112 ----a-w- c:\windows\SysWow64\NCTAudioTransform2.dll
2012-11-15 02:01 . 2005-03-28 20:54 479232 ----a-w- c:\windows\SysWow64\NCTAudioVisualization2.dll
2012-11-15 02:01 . 2005-03-28 20:52 417792 ----a-w- c:\windows\SysWow64\NCTTextToAudio2.dll
2012-11-15 02:01 . 2005-02-24 16:51 348160 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
2012-11-15 02:01 . 2012-11-15 02:01 -------- d-----w- c:\program files (x86)\Free Sound Recorder
2012-11-15 02:01 . 2005-05-18 16:52 1212416 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2012-11-15 02:01 . 2005-05-17 17:37 1986560 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2012-11-15 02:01 . 2005-04-25 18:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
2012-11-15 02:01 . 2005-04-25 18:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll
2012-11-15 02:01 . 2005-04-15 17:08 880640 ----a-w- c:\windows\SysWow64\NCTAudioEditor2.dll
2012-11-15 02:01 . 2004-11-04 18:31 835584 ----a-w- c:\windows\SysWow64\NCTAudioCDGrabber2.dll
2012-11-12 01:36 . 2012-11-12 01:36 -------- d-----w- c:\users\melanie\AppData\Roaming\Yahoo!
2012-11-12 01:36 . 2012-11-12 01:36 -------- d-----w- c:\programdata\Yahoo! Companion
2012-11-12 01:36 . 2012-11-12 16:53 -------- d-----w- c:\program files (x86)\Yahoo!
2012-11-12 01:34 . 2012-11-12 01:34 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-11-12 01:33 . 2012-11-12 16:53 -------- d-----w- c:\program files (x86)\HP
2012-11-12 01:32 . 2012-11-12 01:32 -------- d-----w- c:\program files\HP
2012-11-12 01:30 . 2012-11-12 16:53 -------- d-----w- c:\programdata\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-01 16:15 . 2012-01-21 15:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-18 15:47 . 2012-01-28 14:16 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-22 22:40 . 2012-10-22 22:40 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-10-22 22:40 . 2012-10-22 22:40 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-10-22 22:40 . 2012-10-22 22:40 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-10-22 22:40 . 2012-10-22 22:40 513056 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-10-22 22:40 . 2012-10-22 22:40 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-10-22 22:40 . 2012-10-22 22:40 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-10-22 22:40 . 2012-10-22 22:40 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-10-22 22:40 . 2012-10-22 22:40 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-10-22 22:40 . 2012-10-22 22:40 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-10-22 22:40 . 2012-10-22 22:40 272928 ----a-w- c:\windows\system32\igvpkrng600.bin
2012-10-22 22:40 . 2012-10-22 22:40 216064 ----a-w- c:\windows\system32\iglhcp64.dll
2012-10-22 22:40 . 2012-10-22 22:40 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-10-22 22:40 . 2012-10-22 22:40 171040 ----a-w- c:\windows\system32\igfxtray.exe
2012-10-22 22:40 . 2012-10-22 22:40 116224 ----a-w- c:\windows\system32\igfxCoIn_v2875.dll
2012-10-22 22:40 . 2012-01-21 16:29 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-10-22 22:40 . 2012-10-22 22:40 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-10-22 22:40 . 2012-10-22 22:40 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-10-22 22:40 . 2012-10-22 22:40 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-10-22 22:40 . 2012-10-22 22:40 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-10-22 22:40 . 2012-10-22 22:40 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-10-22 22:40 . 2012-10-22 22:40 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-10-22 22:40 . 2012-10-22 22:40 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-10-22 22:40 . 2012-10-22 22:40 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-10-22 22:40 . 2012-10-22 22:40 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-10-22 22:40 . 2012-01-21 16:29 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-10-22 22:40 . 2012-10-22 22:40 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-10-22 22:40 . 2012-10-22 22:40 640512 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-10-22 22:40 . 2012-10-22 22:40 518656 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-10-22 22:40 . 2012-10-22 22:40 441888 ----a-w- c:\windows\system32\igfxpers.exe
2012-10-22 22:40 . 2012-10-22 22:40 441344 ----a-w- c:\windows\system32\igfxdev.dll
2012-10-22 22:40 . 2012-10-22 22:40 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-10-22 22:40 . 2012-10-22 22:40 384512 ----a-w- c:\windows\system32\igfxpph.dll
2012-10-22 22:40 . 2012-10-22 22:40 3510784 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-10-22 22:40 . 2012-10-22 22:40 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-10-22 22:40 . 2012-10-22 22:40 252448 ----a-w- c:\windows\system32\igfxext.exe
2012-10-22 22:40 . 2012-10-22 22:40 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-10-22 22:40 . 2012-10-22 22:40 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-10-22 22:40 . 2012-10-22 22:40 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-10-22 22:40 . 2012-01-21 16:29 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-10-22 22:40 . 2012-10-22 22:40 483840 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2012-10-22 22:40 . 2012-10-22 22:40 459264 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2012-10-22 22:40 . 2012-10-22 22:40 3121152 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-10-22 22:40 . 2012-01-21 16:29 12615168 ----a-w- c:\windows\system32\igdumd64.dll
2012-10-22 22:40 . 2012-01-21 16:29 11049472 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-10-22 22:40 . 2012-10-22 22:40 5332896 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-10-22 22:40 . 2012-10-22 22:40 80384 ----a-w- c:\windows\system32\igdde64.dll
2012-10-22 22:40 . 2012-10-22 22:40 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-10-22 22:40 . 2012-01-21 16:29 12854272 ----a-w- c:\windows\system32\igd10umd64.dll
2012-10-22 22:40 . 2012-01-21 16:29 11171840 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-10-22 22:40 . 2012-10-22 22:40 963452 ----a-w- c:\windows\system32\igcodeckrng600.bin
2012-10-22 22:39 . 2012-10-22 22:39 12887552 ----a-w- c:\windows\system32\ig4icd64.dll
2012-10-22 22:39 . 2012-10-22 22:39 10674176 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-10-22 22:39 . 2012-10-22 22:39 5903392 ----a-w- c:\windows\system32\GfxUI.exe
2012-10-22 22:39 . 2012-10-22 22:39 399392 ----a-w- c:\windows\system32\hkcmd.exe
2012-10-22 22:39 . 2012-10-22 22:39 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-10-22 22:39 . 2012-01-21 16:29 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-10-22 22:39 . 2012-10-22 22:39 185376 ----a-w- c:\windows\system32\difx64.exe
2012-10-16 08:38 . 2012-11-28 20:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 20:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 20:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 21:08 . 2012-10-08 21:08 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-08 16:42 . 2012-10-08 16:42 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-08 16:42 . 2012-01-21 16:29 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-08 16:42 . 2012-10-08 16:42 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-08 16:42 . 2012-10-08 16:42 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-08 16:42 . 2012-01-21 16:29 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-08 16:42 . 2012-10-08 16:42 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-08 16:42 . 2012-01-21 16:29 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-08 16:42 . 2012-01-21 16:29 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-08 16:42 . 2012-10-08 16:42 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-08 16:42 . 2012-10-08 16:42 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-08 16:42 . 2012-10-08 16:42 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-10-08 16:42 . 2012-10-08 16:42 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-08 16:42 . 2012-10-08 16:42 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-08 16:42 . 2012-10-08 16:42 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-08 16:42 . 2012-01-21 16:29 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-08 16:42 . 2012-10-08 16:42 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-08 16:42 . 2012-10-08 16:42 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-08 16:42 . 2012-10-08 16:42 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-08 16:42 . 2012-01-21 16:29 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-08 16:42 . 2012-10-08 16:42 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-08 16:42 . 2012-01-21 16:29 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-08 16:42 . 2012-10-08 16:42 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E71596B0-A83B-453D-82C1-4BE99947C65F}]
2012-03-23 08:13 107328 ----a-w- c:\users\melanie\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Akamai NetSession Interface"="c:\users\melanie\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2010-12-12 121960]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-27 1255736]
R3 X6va005;X6va005;c:\users\melanie\AppData\Local\Temp\005D90F.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-14 283200]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-08 284008]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-06-25 331512]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\DRIVERS\qcfilterdl2k.sys [2010-08-25 6400]
S3 qcusbnetdl2k;Gobi 2000 USB-NDIS miniport(413C-8186);c:\windows\system32\DRIVERS\qcusbnetdl2k.sys [2010-08-25 443392]
S3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\DRIVERS\qcusbserdl2k.sys [2010-08-25 230784]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TuneUpUtilitiesDrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-02 15:59]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002660311-1004659573-2410536576-1001Core.job
- c:\users\melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-25 20:45]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002660311-1004659573-2410536576-1001UA.job
- c:\users\melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-25 20:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-22 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-22 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-22 441888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
Completion time: 2012-12-02 19:13:57
ComboFix-quarantined-files.txt 2012-12-03 00:13
.
Pre-Run: 446,233,264,128 bytes free
Post-Run: 446,182,932,480 bytes free
.
- - End Of File - - 1750BBB00FA21EC0723F1F4BF39DE8CA
ALZN ALZN is offline
Member with 11 posts.
THREAD STARTER
 
Join Date: Dec 2012
02-Dec-2012, 08:06 PM #10
Right now I'm looking to see if the computer will crash like it did previously.
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,866 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
03-Dec-2012, 03:49 PM #11
Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer when the "File download" pop-up comes press SAVE and choose desktop in the list of selections in that window & press save).

Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running ComboFix & remember to re-enable it when it has finished.

Close any open browsers.
Then drag the CFScript.txt into the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
Attached Files
File Type: txt CFScript.txt (81 Bytes, 64 views)
ALZN ALZN is offline
Member with 11 posts.
THREAD STARTER
 
Join Date: Dec 2012
03-Dec-2012, 07:26 PM #12
After my computer reset from ComboFix and I copied the report, I was unable to open any browser. The error message I received stated that it was marked for deletion. Honestly, I freaked out. I then restarted my computer and all the files are working fine now, but I'm unable to find the Combofix.txt file. However I checked for my problem devices and X5XSEx is no longer listed. I also checked in my Device Manager and X5XSEx is absent! I have an image file of what my Device Manager currently looks like, however I am unable to insert an image?
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,866 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
04-Dec-2012, 04:02 AM #13
Look in C:\qoobox for the Combofix.txt.

Are you still getting any problems now, or have they all cleared up?
ALZN ALZN is offline
Member with 11 posts.
THREAD STARTER
 
Join Date: Dec 2012
04-Dec-2012, 06:18 AM #14
I haven't been getting any problems!
I have found the files Add-Remove Programs.txt, CFScript_used_2012-12-03_18.22.16.txt, and ComboFix-quarantined-files.txt that were created yesterday. Do I post the contents of all or just one specific file?
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,866 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
05-Dec-2012, 08:09 AM #15
There should just be a Combofix.txt and a combofix2.txt in Qoobox. If they aren't there, please look inside the quarantine folder inside Qoobox.
That is the file I need to see, not the others, to make sure CF did deal with it.