Tech Support Guy > Virus & Other Malware Removal
Solved: Trojan:JS/Medfos.B infection

MnM3 (thread starter; member with 23 posts; Join Date: Oct 2009; Experience: Intermediate)
11-Feb-2013, 10:17 PM #1
Trojan:JS/Medfos.B infection
Howdy,

Since last night MSE has been identifying the Trojan:JS/Medfos.B every couple of minutes and quarantines the action.
However, after running a bunch of scans, none of my anti-virus software (MSE, Malwarebytes or AdwCleaner) can detect it. I understand it is a nasty virus that changes itself so detection is difficult.

So far my system appears to be running OK - no hijacks or slowdowns... but I want to get rid of this nasty one.

BTW - I have a 2TB USB backup that runs nightly. I did not run a backup last night. However without knowing if the virus has a delay feature, I'm not sure whether or not the virus got into the backups. The backup drive is unplugged for now.
Is it safe to assume that since a backup is a one-way process, I can do a fresh backup once we clean my computer and then delete the old backups?

Thanks,
MnM3

Below are the requested logs:

HIJACK THIS:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:59:34 PM, on 2/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 7.184.80.56 SERVER #Windows Home Server#
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Google Analytics Opt-out Browser Add-on - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN233BQ0WY05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Windows Home Server.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pu...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11214 bytes

DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Owner at 18:00:22 on 2013-02-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16278.13793 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\splwow64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Google Analytics Opt-out Browser Add-on: {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [WorldClock] <no file>
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WorldClock] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{7C34C74E-B5F2-42BD-8BC6-A575C34F7414} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [zrmito] rundll32.exe "C:\Users\Owner\AppData\Roaming\zrmito.dll",GetSystemParameter
x64-Run: [mdlwmt] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\mdlwmt.dll",vExecTokenA
x64-Run: [dmscsh] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmscsh.dll",UnpackTuple
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 7.184.80.56 SERVER #Windows Home Server#
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-17 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-5-17 17192]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]
R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-17 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-17 121344]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-17 161560]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-31 3467768]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-17 450848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-17 363800]
R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2012-8-22 2725376]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-17 25632]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-17 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-17 787736]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-2 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-17 351136]
R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2011-3-3 4865568]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-6-12 35112]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-5-17 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 DrmCAudio;DrmCAudio;C:\Windows\System32\drivers\DrmCAudio.sys [2012-10-23 34088]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-17 331264]
S3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-6-27 32344]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-27 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-27 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-27 30208]
S3 TuneConvertAudio;TuneConvertAudio;C:\Windows\System32\drivers\TuneConvertAudio.sys [2012-10-21 34088]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-4 1255736]
.
=============== Created Last 30 ================
.
2013-02-12 01:37:29 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2013-02-11 06:38:32 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64659B79-F267-458A-B48C-A80F433E0B41}\offreg.dll
2013-02-11 02:47:45 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64659B79-F267-458A-B48C-A80F433E0B41}\mpengine.dll
2013-02-11 02:07:27 300544 ----a-w- C:\Users\Owner\AppData\Roaming\dmscsh.dll
2013-02-11 02:07:04 552448 ----a-w- C:\Users\Owner\AppData\Roaming\mdlwmt.dll
2013-02-11 02:06:17 139776 ----a-w- C:\Users\Owner\AppData\Roaming\zrmito.dll
2013-02-10 11:09:37 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-20 20:35:20 -------- d-----w- C:\Windows\SysWow64\My Vaults
2013-01-19 19:52:58 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
.
==================== Find3M ====================
.
2013-02-12 01:37:29 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-02-11 04:36:41 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-02-11 04:36:41 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-02-11 04:34:47 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-02-08 15:49:29 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 15:49:29 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-01 07:52:20 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-02-01 07:52:20 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-02-01 07:52:20 111616 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-02-01 07:52:20 102400 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 06:08:06 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-01-07 02:38:17 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
.
============= FINISH: 18:00:39.65 ===============


ATTACH LOG:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/17/2012 9:04:32 AM
System Uptime: 2/11/2013 5:36:57 PM (1 hours ago)
.
Motherboard: ASRock | | Z77 Extreme4
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 668.346 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 288.2 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Controller
Device ID: PCI\VEN_10DE&DEV_0E0A&SUBSYS_097A10DE&REV_A1\4&12B449C0&0&0109
Manufacturer: Microsoft
Name: High Definition Audio Controller
PNP Device ID: PCI\VEN_10DE&DEV_0E0A&SUBSYS_097A10DE&REV_A1\4&12B449C0&0&0109
Service: HDAudBus
.
==== System Restore Points ===================
.
RP276: 2/9/2013 2:00:23 AM - Windows Backup
RP277: 2/10/2013 2:00:23 AM - Windows Backup
RP278: 2/11/2013 5:47:41 PM - Windows Backup
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
ASRock App Charger v1.0.5
ASUS Xonar DG Audio Driver
Audacity 2.0.2
Battlefield 3™
Battlelog Web Plugins
Better File Rename 5.1
Broadcom NetLink Controller
CameraHelperMsi
CCleaner
Chinese Simplified Fonts Support For Adobe Reader 9
Core Temp 1.0 RC3
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
erLT
ESN Sonar
Fotosizer 1.34
Freemake Video Converter version 3.1.2
Geeks3D.com FurMark 1.10.0
Google Analytics Opt-out Browser Add-on
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HP FWUpdateEDO2
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Update
I.R.I.S. OCR
Intel(R) Control Center
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Smart Connect Technology 2.0 x64
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Japanese Fonts Support For Adobe Reader 9
Jasc Paint Shop Pro 8
Java 7 Update 9
Java Auto Updater
Java(TM) 7 Update 4 (64-bit)
JavaFX 2.1.1
LAME v3.99.3 (for Windows)
Logitech Gaming Software
Logitech Gaming Software 8.40
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access database engine 2010 (English)
Microsoft Application Error Reporting
Microsoft AutoRoute 2011
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
Newshosting
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.16.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenAL
Origin
PDFCreator
PunkBuster Services
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.0
TeamSpeak 3 Client
TeamViewer 8
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Ventrilo Client for Windows x64
VLC media player 2.0.2
Windows Home Server Connector
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
WinRAR archiver
WinZip
WorldClock 3.0
.
==== Event Viewer Messages From Past Week ========
.
2/8/2013 2:36:22 AM, Error: volsnap [25] - The shadow copies of volume E: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
2/11/2013 5:48:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\Owner\AppData\Local\ae4291b1-3050-40cf-b52b-b8ebd1e97b4e.crx;file:_C:\Users\Owner\AppData\Local\ae4291b1-3050-40cf-b52b-b8ebd1e97b4e.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070070 Error description: There is not enough space on the disk. Signature Version: AV: 1.143.2006.0, AS: 1.143.2006.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0
2/11/2013 5:39:49 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/11/2013 5:39:49 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
2/11/2013 5:37:53 PM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
2/11/2013 5:37:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tpcdrdrv
2/10/2013 10:38:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/10/2013 10:38:44 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/10/2013 10:38:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/10/2013 10:38:42 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/10/2013 10:38:42 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================

ARK LOG:
GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-11 18:05:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.15.0 931.51GB
Running: h4zzyvoq.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pwliqkow.sys

---- Threads - GMER 2.0 ----
Thread C:\Windows\SysWOW64\rundll32.exe [3436:3456] 0000000000233bc6
Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [5756:5036] 0000000005c43414
---- EOF - GMER 2.0 ----
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,702 posts, authorized to help remove malware.
Join Date: Dec 2002
Location: Loughton, Essex, UK
12-Feb-2013, 09:21 AM #2
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
MnM3, Member with 23 posts (thread starter)
Join Date: Oct 2009
Experience: Intermediate
12-Feb-2013, 10:52 PM #3
Derek,

ComboFix was run.
Below is the log.

However, I got two popups after it was run indicating two files were not found.
C:\Users\Owner\AppData\Roaming\dmscsh.dll
C:\Users\Owner\AppData\Roaming\mdlwmt.dll

Not sure if ComboFix deleted them just now or MSE did during a full scan last night.
MSE found them and asked that they be sent for further analysis, which I did before running ComboFix.
I assume they got deleted by one or both of those programs.
I assume I can repair from my Win7 disk in the future after we are done.

Thanks,
Mark


ComboFix 13-02-12.01 - Owner 02/12/2013 18:31:30.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16278.14083 [GMT -8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\dmscsh.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2013-01-13 to 2013-02-13 )))))))))))))))))))))))))))))))
.
.
2013-02-12 11:26 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D6C0BC9-2654-4854-873F-0C2CDF6E735E}\mpengine.dll
2013-02-12 06:58 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-12 06:45 . 2013-02-12 06:45 22064 ----a-w- c:\windows\DCEBoot64.exe
2013-01-20 20:35 . 2013-01-20 20:35 -------- d-----w- c:\windows\SysWow64\My Vaults
2013-01-19 19:52 . 2013-01-19 19:52 -------- d-----w- c:\users\Owner\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 02:35 . 2012-05-17 16:25 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2013-02-12 05:45 . 2012-06-08 04:41 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-02-12 05:45 . 2012-06-06 02:13 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-02-12 04:38 . 2012-06-06 02:13 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-02-08 15:49 . 2012-06-07 04:02 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 15:49 . 2012-06-07 04:02 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-01 07:52 . 2012-08-23 03:14 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-01 07:52 . 2012-08-23 03:14 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-02-01 07:52 . 2012-08-23 03:14 111616 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-01 07:52 . 2012-08-23 03:14 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 11:04 . 2012-06-04 19:21 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 06:08 . 2012-06-06 02:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-01-07 02:38 . 2013-01-07 02:38 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-12-16 17:11 . 2012-12-21 11:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2012-10-07 20:01 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 06:31 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 06:31 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 06:31 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 06:31 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 06:31 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 06:31 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 06:31 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 06:31 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 06:31 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 06:31 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 06:31 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 06:31 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 06:31 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 06:31 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 06:31 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 06:31 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 06:31 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 06:31 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 06:31 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 06:31 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 06:31 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 06:31 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 06:31 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 06:31 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 06:31 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 06:31 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 06:31 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 06:31 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 06:31 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 06:31 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 06:31 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 06:31 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 06:31 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 06:31 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 06:31 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-09 06:31 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-09 06:31 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 06:31 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 06:31 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-09 06:31 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-09 06:31 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 06:31 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-10 39408]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-6-12 666992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-08 363800]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [2012-06-05 34088]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2012-06-05 34088]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-04 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-22 49760]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-08 121344]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]
S3 ALSysIO;ALSysIO;c:\users\Owner\AppData\Local\Temp\ALSysIO64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 35112]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-02-13 34752]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 15:49]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 01:44]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 01:44]
.
2013-02-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-02-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-13 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WorldClock - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-WorldClock - (no file)
HKLM-Run-mdlwmt - c:\users\Owner\AppData\Roaming\mdlwmt.dll
HKLM-Run-dmscsh - c:\users\Owner\AppData\Roaming\dmscsh.dll
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
.
**************************************************************************
.
Completion time: 2013-02-12 18:37:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-13 02:37
.
Pre-Run: 710,388,965,376 bytes free
Post-Run: 709,885,435,904 bytes free
.
- - End Of File - - 7CA7722378E6372BFB9B0A270F9A6B06
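One detail in the ComboFix log above deserves a closer look than the thread gives it: under HKLM\...\Policies\System the machine has EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0. With EnableLUA=0, UAC is switched off entirely, so every process the logged-in administrator starts, Internet Explorer included, runs with a full administrator token. Anything a browser-borne dropper writes can therefore land in HKLM Run keys, Program Files or system32 without a single prompt, which is consistent with the HKLM-Run orphans ComboFix removed. The script below is an added example, not part of the thread and not something ComboFix or OTScanIt produce: it reads those policy values, compares them with the stock Windows 7 defaults (EnableLUA=1, ConsentPromptBehaviorAdmin=5, ConsentPromptBehaviorUser=3, PromptOnSecureDesktop=1, EnableUIADesktopToggle=0; these defaults are my assumption of a non-domain machine) and can write the defaults back. Function names are mine.

```powershell
# Added example (not from the thread, ComboFix or OTScanIt): audit the UAC
# policy values that ComboFix lists under Policies\System against the
# Windows 7 defaults, and optionally restore them.
# Written for PowerShell 2.0 (the version shipped with Windows 7 SP1).
# Run from an elevated prompt; Repair-UacPolicy needs a reboot to take effect.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Windows 7 default values (assumption: stock Win7, no domain policy applied).
$Baseline = @{
    EnableLUA                  = 1   # UAC on; admins run with a filtered token
    ConsentPromptBehaviorAdmin = 5   # prompt for consent for non-Windows binaries
    ConsentPromptBehaviorUser  = 3   # standard users are prompted for credentials
    PromptOnSecureDesktop      = 1   # prompt on the secure desktop, not spoofable
    EnableUIADesktopToggle     = 0   # UIAccess apps cannot move the prompt off it
}

# Values that weaken protection, as opposed to merely differing from the default
# (ConsentPromptBehaviorAdmin 1 or 2, for instance, is stricter than 5).
$WeakIf = @{
    EnableLUA                  = { param($v) $v -eq 0 }   # UAC completely off
    ConsentPromptBehaviorAdmin = { param($v) $v -eq 0 }   # elevate silently, no prompt
    ConsentPromptBehaviorUser  = { param($v) $false }     # 0, 1 and 3 are all acceptable
    PromptOnSecureDesktop      = { param($v) $v -eq 0 }   # prompt on the normal desktop
    EnableUIADesktopToggle     = { param($v) $v -eq 1 }   # UIAccess apps may bypass it
}

function Get-UacAudit {
    # A missing value means "use the default", so treat it as the baseline value.
    $current = Get-ItemProperty -Path $UacKey -ErrorAction SilentlyContinue
    foreach ($name in $Baseline.Keys) {
        $value = $current.$name
        if ($null -eq $value) { $value = $Baseline[$name] }
        New-Object PSObject -Property @{
            Setting = $name
            Current = $value
            Default = $Baseline[$name]
            Weak    = [bool](& $WeakIf[$name] $value)
        }
    }
}

function Repair-UacPolicy {
    # Writes the defaults back for weak settings only, so a deliberately
    # stricter ConsentPromptBehaviorAdmin is left alone.
    foreach ($entry in (Get-UacAudit | Where-Object { $_.Weak })) {
        Set-ItemProperty -Path $UacKey -Name $entry.Setting -Value $entry.Default -Type DWord
        "Reset $($entry.Setting) from $($entry.Current) to $($entry.Default)"
    }
}

Get-UacAudit | Sort-Object Setting | Format-Table Setting, Current, Default, Weak -AutoSize
# Uncomment after reviewing the table; the EnableLUA change applies after a reboot.
# Repair-UacPolicy
```

Against the values in the log above, three rows come back Weak: EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop; EnableUIADesktopToggle=0 and ConsentPromptBehaviorUser=3 are already at the defaults. Re-enabling UAC does not remove anything that is already installed, but it does stop the next drive-by from writing to HKLM silently.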
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,702 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
13-Feb-2013, 07:08 AM #4
Reboot again and let us know if you are still getting any warning or error messages, or if you still have any problems.
MnM3 MnM3 is offline
Member with 23 posts.
THREAD STARTER
Join Date: Oct 2009
Experience: Intermediate
13-Feb-2013, 11:20 PM #5
Hi Derek,

I don't appear to have any redirects or slowdowns or MSE alerts but I am getting the missing file(s) popups at reboot.
C:\Users\Owner\AppData\Roaming\dmscsh.dll
C:\Users\Owner\AppData\Roaming\mdlwmt.dll
See attached:
dmscsh.dll.jpg
mdlwmt.dll.jpg

In addition, MSE found a quarantined file that it asked to be sent. Which I did.
See attached:
dmscsh.dll.vir.jpg

Mark
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,702 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
14-Feb-2013, 03:31 AM #6
Let's see if this shows us the startup entries for the missing files (we deleted them and their startup entries with ComboFix, but there must be additional startup entries hidden somewhere).


Download OTScanIt.exe to your Desktop
  • Close any open browsers.
  • If your real-time protection or antivirus intervenes with OTScanIt, allow it to run.
  • Double-click on OTS.exe to start the program.
  • In the Files Age drop-down box click 90.
  • Now, on the toolbar at the top, select "Scan all users", then click the Run Scan button.
  • The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Save that Notepad file.
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the Notepad file here.
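The post above runs OTScanIt to find whichever autostart location still references the two DLLs that ComboFix deleted from C:\Users\Owner\AppData\Roaming. A "Windows cannot find ..." popup at logon means some launch point (a Run value, a Winlogon value, a Startup shortcut, a task) still names a file that is no longer on disk, and the ComboFix orphans HKLM-Run-mdlwmt and HKLM-Run-dmscsh were exactly entries of that shape. The script below is an added example, not part of the thread and not OTScanIt or ComboFix: it walks the common registry Run/RunOnce keys (HKLM, HKCU and Wow6432Node), the Winlogon Shell and Userinit values, and both Startup folders, and reports every entry whose target file is missing. It deliberately does not cover scheduled tasks, services, AppInit_DLLs or browser add-ons, which OTScanIt and Autoruns do. The function names and the command-line parsing heuristic are mine.

```powershell
# Added example (not from the thread, OTScanIt or ComboFix): list autostart
# entries whose target file is missing. Written for PowerShell 2.0 (Windows 7).
# Run from an elevated prompt so HKLM and both Program Files trees are readable.
# Coverage is deliberately limited to the locations below; scheduled tasks,
# services, AppInit_DLLs and browser add-ons are not checked.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$StartupDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)

function Get-TargetPath {
    # Heuristic: extract the file a command line actually loads. rundll32 is
    # checked first so the DLL, not rundll32.exe itself, is reported.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if     ($cmd -match '^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)') { $target = $Matches[1] }
    elseif ($cmd -match '^"([^"]+)"')                                      { $target = $Matches[1] }
    else   { $target = ($cmd -split '\s+')[0] }
    # Userinit and rundll32 arguments may carry a trailing ",EntryPoint" or ",".
    return ($target -split ',')[0].Trim()
}

function Test-Target {
    param([string]$Path)
    if (-not $Path) { return $false }
    if ($Path -match '[\\/]') {
        return [bool](Test-Path -LiteralPath $Path -PathType Leaf -ErrorAction SilentlyContinue)
    }
    # Bare names (explorer.exe, cmicnfgp.dll) resolve through the loader search
    # path; approximate that with System32, SysWOW64 and PATH.
    $dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") + ($env:Path -split ';')
    foreach ($d in $dirs) {
        if ($d -and (Test-Path -LiteralPath (Join-Path $d $Path) -PathType Leaf)) { return $true }
    }
    return $false
}

function New-Entry {
    param($Location, $Name, $Command)
    $target = Get-TargetPath -Command $Command
    New-Object PSObject -Property @{
        Location = $Location
        Name     = $Name
        Command  = $Command
        Target   = $target
        Exists   = Test-Target -Path $target
    }
}

function Get-AutostartEntries {
    foreach ($key in ($RunKeys + $WinlogonKey)) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a registry value
            if ($key -eq $WinlogonKey -and ('Shell', 'Userinit') -notcontains $p.Name) { continue }
            $cmd = [string]$p.Value
            if (-not $cmd.Trim()) { continue }
            New-Entry -Location $key -Name $p.Name -Command $cmd
        }
    }
    # Startup folders hold .lnk shortcuts; resolve them through the shell object.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $StartupDirs) {
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            New-Entry -Location $dir -Name $_.Name -Command ('"{0}" {1}' -f $lnk.TargetPath, $lnk.Arguments)
        }
    }
}

# Only entries whose target is gone are printed; each is a candidate for the popup.
Get-AutostartEntries | Where-Object { -not $_.Exists } | Format-List Location, Name, Command, Target
```

If the script prints nothing but the popups persist, the remaining reference lives in a location it does not read, most likely a scheduled task (compare the Scheduled Tasks section of the ComboFix log) or a per-user hive of an account other than the one running the script, and that is where the OTScanIt log should be read first.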
MnM3 MnM3 is offline
Member with 23 posts.
THREAD STARTER
Join Date: Oct 2009
Experience: Intermediate
14-Feb-2013, 11:10 AM #7
Hi Derek,

Here is the OTS scan log. Surprisingly, it didn't take too long to scan.

BTW - both popups appeared overnight and were labelled as "unable to find" files.

Mark

Code:
OTS logfile created on: 2/14/2013 7:01:56 AM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\Owner\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
16.00 Gb Total Physical Memory | 14.00 Gb Available Physical Memory | 87.00% Memory free
32.00 Gb Paging File | 30.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 665.99 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ANTEC300CA
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2013/02/14 06:58:50 | 000,646,656 | ---- | M] (OldTimer Tools)
pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2013/01/08 22:08:06 | 000,076,888 | ---- | M] ()
teamviewer_service.exe -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -> [2012/12/14 01:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH)
teamviewer.exe -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe -> [2012/12/14 01:17:03 | 009,876,472 | ---- | M] (TeamViewer GmbH)
tv_w32.exe -> C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe -> [2012/12/14 01:08:24 | 000,190,968 | ---- | M] (TeamViewer GmbH)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation)
streetsolkshim.exe -> C:\Program Files (x86)\Microsoft AutoRoute 2011\StreetsOlkShim.exe -> [2012/06/16 10:53:54 | 000,040,736 | ---- | M] (Microsoft)
uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2012/02/07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation)
lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2012/02/07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation)
jhi_service.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -> [2012/02/07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation)
intelmefwservice.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -> [2012/02/07 16:27:24 | 000,121,344 | ---- | M] ()
umvpfsrv.exe -> C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -> [2012/01/17 22:44:52 | 000,450,848 | ---- | M] (Logitech Inc.)
iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation)
asusaudiocenter.exe -> C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe -> [2011/05/12 15:50:03 | 001,990,656 | ---- | M] (CMedia)
hsmgr.exe -> C:\Windows\SysWOW64\HsMgr.exe -> [2008/07/11 14:04:22 | 000,200,704 | ---- | M] ()
 
[Modules - No Company Name]
vmixp8.dll -> C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll -> [2011/04/19 13:56:58 | 000,143,360 | ---- | M] ()
hsmgr.exe -> C:\Windows\SysWOW64\HsMgr.exe -> [2008/07/11 14:04:22 | 000,200,704 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(NisSrv)  [Unknown | Running] -> c:\Program Files\Microsoft Security Client\NisSrv.exe -> [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation)
64bit-(MsMpSvc)  [Unknown | Running] -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation)
64bit-(ISCTAgent)  [Auto | Running] -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -> [2012/02/09 15:26:48 | 000,133,632 | ---- | M] ()
64bit-(Intel(R) Capability Licensing Service Interface)  [Auto | Running] -> C:\Program Files\Intel\iCLS Client\HeciServer.exe -> [2012/02/02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation)
64bit-(arXfrSvc)  [Auto | Running] -> C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -> [2011/01/10 12:21:02 | 000,231,280 | ---- | M] (Microsoft Corporation)
64bit-(esClient)  [Auto | Running] -> C:\Program Files\Windows Home Server\esClient.exe -> [2011/01/10 12:20:18 | 000,109,936 | ---- | M] (Microsoft Corporation)
64bit-(WHSConnector)  [Auto | Running] -> C:\Program Files\Windows Home Server\WHSConnector.exe -> [2011/01/10 12:19:58 | 000,489,840 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(AppMgmt)  [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/02/08 07:49:29 | 000,251,248 | ---- | M] (Adobe Systems Incorporated)
(PnkBstrA) PnkBstrA [Auto | Running] -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2013/01/08 22:08:06 | 000,076,888 | ---- | M] ()
(TeamViewer8) TeamViewer 8 [Auto | Running] -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -> [2012/12/14 01:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH)
(SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files (x86)\Skype\Updater\Updater.exe -> [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies)
(cphs) Intel(R) Content Protection HECI Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\IntelCpHeciSvc.exe -> [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation)
(nvUpdatusService) NVIDIA Update Service Daemon [Auto | Stopped] -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -> [2012/10/02 14:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation)
(Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation)
(UNS) Intel(R) Management and Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2012/02/07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation)
(LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2012/02/07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation)
(jhi_service) Intel(R) Dynamic Application Loader Host Interface Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -> [2012/02/07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation)
(Intel(R) ME Service) Intel(R) ME Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -> [2012/02/07 16:27:24 | 000,121,344 | ---- | M] ()
(UMVPFSrv) UMVPFSrv [Auto | Running] -> C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -> [2012/01/17 22:44:52 | 000,450,848 | ---- | M] (Logitech Inc.)
(IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(WPRO_41_2001) WinPcap Packet Driver (WPRO_41_2001) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\WPRO_41_2001.sys -> [2013/02/14 03:30:49 | 000,034,752 | ---- | M] ()
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation)
64bit-(LGSHidFilt) Logitech Gaming KMDF HID Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LGSHidFilt.Sys -> [2012/10/02 14:26:46 | 000,066,360 | ---- | M] (Logitech Inc.)
64bit-(NisDrv) Microsoft Network Inspection System [Kernel | Unknown | Running] -> C:\Windows\SysNative\drivers\NisDrvWFP.sys -> [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation)
64bit-(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpvideominiport.sys -> [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation)
64bit-(tbhsd) Audials Sound Capturing [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tbhsd.sys -> [2012/08/20 10:48:46 | 000,047,208 | ---- | M] (RapidSolution Software AG)
64bit-(MEIx64) Intel(R) Management Engine Interface  [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation)
64bit-(TuneConvertAudio) TuneConvertAudio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TuneConvertAudio.sys -> [2012/06/05 10:00:54 | 000,034,088 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(DrmCAudio) DrmCAudio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\DrmCAudio.sys -> [2012/06/05 09:42:54 | 000,034,088 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2012/04/18 09:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation)
64bit-(ISCT) Intel(R) Smart Connect Technology Device Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ISCTD64.sys -> [2012/02/09 15:24:16 | 000,044,992 | ---- | M] ()
64bit-(imsevent) Intel Upper Mouse Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\imsevent.sys -> [2012/02/09 15:24:16 | 000,025,536 | ---- | M] ()
64bit-(ikbevent) Intel Upper keyboard Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ikbevent.sys -> [2012/02/09 15:24:14 | 000,025,536 | ---- | M] ()
64bit-(iusb3xhc) Intel(R) USB 3.0 eXtensible Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\iusb3xhc.sys -> [2012/01/26 09:39:34 | 000,787,736 | ---- | M] (Intel Corporation)
64bit-(iusb3hub) Intel(R) USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\iusb3hub.sys -> [2012/01/26 09:39:34 | 000,356,120 | ---- | M] (Intel Corporation)
64bit-(iusb3hcs) Intel(R) USB 3.0 Host Controller Switch Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iusb3hcs.sys -> [2012/01/26 09:39:34 | 000,016,152 | ---- | M] (Intel Corporation)
64bit-(LVUVC64) Logitech HD Webcam C525(UVC) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LVUVC64.sys -> [2012/01/17 22:44:36 | 004,865,568 | ---- | M] (Logitech Inc.)
64bit-(LVRS64) Logitech RightSound Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\lvrs64.sys -> [2012/01/17 22:44:28 | 000,351,136 | ---- | M] (Logitech Inc.)
64bit-(CompFilter64) UVCCompositeFilter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\lvbflt64.sys -> [2012/01/17 22:44:14 | 000,025,632 | ---- | M] (Logitech Inc.)
64bit-(teamviewervpn) TeamViewer VPN Adapter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\teamviewervpn.sys -> [2011/12/16 07:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH)
64bit-(IntcDAud) Intel(R) Display Audio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\IntcDAud.sys -> [2011/12/05 11:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2011/11/29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation)
64bit-(asahci64) asahci64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\asahci64.sys -> [2011/09/21 16:56:24 | 000,049,760 | ---- | M] (Asmedia Technology)
64bit-(AsrAppCharger) AsrAppCharger [Kernel | System | Running] -> C:\Windows\SysNative\drivers\AsrAppCharger.sys -> [2011/05/10 15:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(k57nd60a) Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\k57nd60a.sys -> [2011/05/09 19:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(cmudaxp) ASUS Xonar DG Audio Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\cmudaxp.sys -> [2011/03/09 23:44:16 | 002,725,376 | ---- | M] (C-Media Inc)
64bit-(asmtxhci) ASMEDIA XHCI Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\asmtxhci.sys -> [2011/03/04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc)
64bit-(asmthub3) ASMedia USB3 Hub Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\asmthub3.sys -> [2011/03/04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc)
64bit-(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wdcsam64.sys -> [2011/02/16 15:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies)
64bit-(dmvsc) dmvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\dmvsc.sys -> [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(LGVirHid) Logitech Gamepanel Virtual HID Device Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LGVirHid.sys -> [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.)
64bit-(LGBusEnum) Logitech GamePanel Virtual Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LGBusEnum.sys -> [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.)
64bit-(MBfilt) MBfilt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MBfilt64.sys -> [2009/11/18 06:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(WSDPrintDevice) WSD Print Support via UMB [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WSDPrint.sys -> [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation)
64bit-(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\serscan.sys -> [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\] > -> -> 
HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-US -> 
HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> AB 41 F0 FD 67 42 CD 01  [binary data] -> 
HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2013/02/12 18:35:10 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/06/05 20:57:45 | 000,545,224 | ---- | M] (Oracle Corporation)
{9A065C65-4EE7-4DDD-9918-F129089A894A} [HKLM] -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [BrowserHelper Class] -> [2011/01/10 12:20:00 | 000,266,096 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2012/12/16 11:36:49 | 000,253,584 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/06/05 20:57:45 | 000,193,480 | ---- | M] (Oracle Corporation)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{75EF13CE-B59E-41ba-8A5A-A944031BD8B4} [HKLM] -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [Google Analytics Opt-out Browser Add-on] -> [2010/07/14 15:54:48 | 000,245,816 | ---- | M] (Google, Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/09/24 23:02:30 | 000,449,512 | ---- | M] (Oracle Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/09/24 23:02:30 | 000,155,384 | ---- | M] (Oracle Corporation)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/12/16 11:36:49 | 000,253,584 | ---- | M] (Google Inc.)
"{D73E76A3-F902-45BD-8FC8-95AE8E014671}" [HKLM] -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [Home Server Banner] -> [2011/01/10 12:20:00 | 000,266,096 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/12/16 11:36:49 | 000,253,584 | ---- | M] (Google Inc.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Cmaudio8788" -> C:\Windows\Syswow64\cmicnfgp.dll [C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd] -> [2011/05/12 17:05:04 | 008,769,536 | ---- | M] (C-Media Corporation)
"Cmaudio8788GX" -> C:\Windows\syswow64\HsMgr.exe [C:\Windows\syswow64\HsMgr.exe Envoke] -> [2008/07/11 14:04:22 | 000,200,704 | ---- | M] ()
"Cmaudio8788GX64" -> C:\Windows\system\HsMgr64.exe [C:\Windows\system\HsMgr64.exe Envoke] -> [2008/07/11 14:03:58 | 000,282,112 | ---- | M] ()
"dmscsh" ->  ["C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmscsh.dll",UnpackTuple] -> File not found
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2012/10/10 02:22:28 | 000,399,392 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2012/10/10 02:22:24 | 000,171,040 | ---- | M] (Intel Corporation)
"IntelliPoint" -> C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe ["C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"] -> [2012/11/02 15:38:34 | 002,076,272 | ---- | M] (Microsoft Corporation)
"IntelliType Pro" -> C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe ["C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"] -> [2012/11/02 15:38:34 | 001,464,944 | ---- | M] (Microsoft Corporation)
"Launch LCore" -> C:\Program Files\Logitech Gaming Software\LCore.exe [C:\Program Files\Logitech Gaming Software\LCore.exe /minimized] -> [2012/11/28 16:09:44 | 007,406,392 | ---- | M] (Logitech Inc.)
"mdlwmt" ->  ["C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\mdlwmt.dll",vExecTokenA] -> File not found
"MSC" -> c:\Program Files\Microsoft Security Client\msseces.exe ["c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2012/09/12 20:16:10 | 001,289,704 | ---- | M] (Microsoft Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2012/10/10 02:22:30 | 000,441,888 | ---- | M] (Intel Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"" ->  [] -> File not found
< Run [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HP Officejet Pro 8600 (NET)" -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe ["C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN233BQ0WY05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1] -> [2012/10/17 04:29:50 | 002,573,416 | ---- | M] (Hewlett-Packard Co.)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"PromptOnSecureDesktop" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/control...ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/pu...sh/swflash.cab [Shockwave Flash Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{7C34C74E-B5F2-42BD-8BC6-A575C34F7414}\\DhcpNameServer -> 192.168.1.254   (Broadcom NetLink (TM) Gigabit Ethernet) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 19:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 17:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 19:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2012/10/10 02:22:28 | 000,441,856 | ---- | M] (Intel Corporation)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{149D055A-E5F7-42AC-B57B-B68CEF1407DF} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{311F1D0C-1F0F-432C-86DB-7325873B49A7} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{37179AFF-A3BA-473C-8454-589A09BF1BDE} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
{3C8FDB0D-DF96-4498-8652-70674EA1432D} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{44E7C6BF-5A63-47C5-A2DD-1561E3E17DC2} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{4A6669DA-7EAD-4AAF-B6C5-0C64504AFE70} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{548F2DBD-6046-4DCE-BBE2-732AD1D94D41} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
{67CBA034-0575-4BCD-94C3-1F6DF6337A17} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{708F82E6-36A5-4B4C-9C08-A0374F8A0034} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
{84F8F001-E037-46C2-8069-FFDF763EF21D} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{8E91872C-1D6C-4E4B-A576-599EF1CDC108} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{966116C2-9CFC-4FF1-9B76-7A3EDD83F156} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{AD5ABEEB-BA7C-466F-B5C1-CD642B87B43A} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{B9645A41-74A6-4584-9E03-3E50664DC599} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{BA5DE283-D8B9-4532-AE22-90BA26DC363F} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{CF9152BE-1C43-4A1C-817E-A149605469BD} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{D380BBE0-E55A-49F3-81B9-24761DEAF643} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{D539875D-33A1-47A3-A9D2-A3A2FBCB637E} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{DC478DEE-5D0A-4C51-9227-8C6A11909434} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
{E03DE931-EC65-4612-852B-E9556D4A44DE} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{E6397563-67C6-419C-B269-3853110A6093} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{FB392392-C22F-4937-8AF6-DACF36EF6742} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{FDB63D2D-5118-4E2A-9718-4F194B97AD74} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{02136399-041C-4EAA-B21D-134847EC22AC} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
{0651A82F-77B4-46C9-B49F-7915793F21E2} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
{1EBFF612-4D4D-4667-B665-85CDEB24D6C2} -> profile=public | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{28B06CAB-75E8-4483-8AC8-59B937E149F7} -> profile=public | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{2C2067B3-87C0-414F-B16B-3DBB450E6FDC} -> dir=in | action=allow | name=hp device setup (hp officejet pro 8600) | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | 
{31A0F655-943B-4C18-ACD5-C029280AAE79} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
{343C8211-9838-46D4-9DCB-C446BFEF8FAC} -> profile=private | protocol=17 | dir=in | action=allow | name=logitech vid hd | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
{389568ED-736C-455B-B73A-6514B5E24B6F} -> dir=in | action=allow | name=hp network communicator (hp officejet pro 8600) | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | 
{40C5C899-87A3-46B8-B0E2-31C966D4556E} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{470A9CE1-2350-4276-90CF-5497DDB01310} -> profile=private | protocol=6 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
{4D0F1894-9E81-46E1-BB0F-A87EED46324F} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{5329ABF8-4F1D-41F6-9731-C71E35E901EE} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{5DE281B4-5771-4AC4-94C9-EE41CFD66B9B} -> profile=private | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe | 
{62AD4D38-1C0A-4F48-A6A3-B13281972C03} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{66EC4D59-12EE-43B5-B19A-CD186AB472F2} -> profile=private | protocol=17 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{6B6A6ACA-8C54-49E3-AB86-1E1473045247} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{6D312A41-DEAB-4C2B-A281-9CC86762330E} -> dir=in | action=allow | name=hp officejet pro 8600 sendfaxappexe | app=c:\program files\hp\hp officejet pro 8600\bin\sendafax.exe | 
{6F94456E-6C7D-4289-85E4-7C48C815900F} -> profile=private | protocol=17 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
{858FED68-EB7E-4DBC-9088-8252BFE1E2BA} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{8676B3B5-1F30-453E-AFC8-C00A15DAD911} -> profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{8ADD5217-1F2D-4BF8-AFB0-09ACFCD71CD2} -> profile=public | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
{9E017217-8C14-4DBA-9D15-85F017E49DFF} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
{A230F63E-CF31-4CBB-97BA-0E80F52F9768} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{A37E05E8-E881-4131-9734-2A7C2215FA0C} -> dir=in | action=allow | name=hp network communicator com (hp officejet pro 8600) | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe | 
{AD1393E1-8EFF-4F82-96F5-380A7DEA054E} -> dir=in | action=allow | name=hp officejet pro 8600 faxapplications | app=c:\program files\hp\hp officejet pro 8600\bin\faxapplications.exe | 
{B26AB2BD-30E7-44D2-A4FB-26AD26850026} -> dir=in | action=allow | name=hp officejet pro 8600 digitalwizards | app=c:\program files\hp\hp officejet pro 8600\bin\digitalwizards.exe | 
{B403E529-8BB7-4207-AA05-7F78DF1CFCA5} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{B6254909-F41B-4E08-8831-007447A27B7C} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
{BF457EB1-B595-4D8A-AAB3-062153005BDE} -> profile=private | protocol=6 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{CADB6DCD-5C5E-41B8-8BFF-28E1C96A7B6C} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe | 
{CE7CFE51-A25A-486E-B1AB-EC4DEE947CDE} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{D0A137A7-3487-4CFA-995E-15D461715E69} -> profile=private | protocol=6 | dir=in | action=allow | name=logitech vid hd | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
{FAE6C927-EF3B-4110-949D-64C9DA3637F8} -> profile=public | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
TCP Query User{FBBD57E2-F7B5-41CC-A978-F96F9AD183EA}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
UDP Query User{529B27EF-8800-4B92-A95E-1B7F9E5D8C18}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 19:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 90 Days]
 OTS.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2013/02/14 06:58:50 | 000,646,656 | ---- | C] (OldTimer Tools)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2013/02/14 03:00:34 | 000,096,768 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2013/02/14 03:00:34 | 000,073,216 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2013/02/14 03:00:33 | 000,248,320 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2013/02/14 03:00:33 | 000,176,640 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2013/02/14 03:00:33 | 000,173,056 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2013/02/14 03:00:32 | 000,237,056 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2013/02/14 03:00:32 | 000,231,936 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2013/02/14 03:00:32 | 000,142,848 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2013/02/14 03:00:31 | 002,312,704 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2013/02/14 03:00:31 | 001,494,528 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2013/02/14 03:00:31 | 001,427,968 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2013/02/14 03:00:31 | 000,729,088 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2013/02/14 03:00:29 | 000,816,640 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2013/02/14 03:00:29 | 000,717,824 | ---- | C] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2013/02/14 03:00:29 | 000,599,040 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2013/02/13 12:37:08 | 005,553,512 | ---- | C] (Microsoft Corporation)
 ntkrnlpa.exe -> C:\Windows\SysWow64\ntkrnlpa.exe -> [2013/02/13 12:37:07 | 003,967,848 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\Windows\SysWow64\ntoskrnl.exe -> [2013/02/13 12:37:07 | 003,913,064 | ---- | C] (Microsoft Corporation)
 winsrv.dll -> C:\Windows\SysNative\winsrv.dll -> [2013/02/13 12:37:04 | 000,215,040 | ---- | C] (Microsoft Corporation)
 setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2013/02/13 12:37:04 | 000,025,600 | ---- | C] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2013/02/13 12:37:04 | 000,014,336 | ---- | C] (Microsoft Corporation)
 instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2013/02/13 12:37:04 | 000,007,680 | ---- | C] (Microsoft Corporation)
 wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2013/02/13 12:37:04 | 000,005,120 | ---- | C] (Microsoft Corporation)
 FWPKCLNT.SYS -> C:\Windows\SysNative\drivers\FWPKCLNT.SYS -> [2013/02/13 12:37:03 | 000,288,088 | ---- | C] (Microsoft Corporation)
 user.exe -> C:\Windows\SysWow64\user.exe -> [2013/02/13 12:37:03 | 000,002,048 | ---- | C] (Microsoft Corporation)
 temp -> C:\Windows\temp -> [2013/02/12 18:37:18 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2013/02/12 18:35:14 | 000,000,000 | -HSD | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2013/02/12 18:31:00 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2013/02/12 18:31:00 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2013/02/12 18:31:00 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2013/02/12 18:30:58 | 000,000,000 | ---D | C]
 erdnt -> C:\Windows\erdnt -> [2013/02/12 18:30:52 | 000,000,000 | ---D | C]
 ComboFix.exe -> C:\Users\Owner\Desktop\ComboFix.exe -> [2013/02/12 18:27:35 | 005,033,736 | R--- | C] (Swearware)
 dds.scr -> C:\Users\Owner\Desktop\dds.scr -> [2013/02/11 17:46:40 | 000,688,992 | R--- | C] (Swearware)
 HijackThis.exe -> C:\Users\Owner\Desktop\HijackThis.exe -> [2013/02/11 17:46:05 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 My Vaults -> C:\Windows\SysWow64\My Vaults -> [2013/01/20 12:35:20 | 000,000,000 | ---D | C]
 Programs -> C:\Users\Owner\AppData\Local\Programs -> [2013/01/19 11:52:58 | 000,000,000 | ---D | C]
 Battlefield 3 -> C:\Users\Owner\Documents\Battlefield 3 -> [2013/01/13 20:04:29 | 000,000,000 | ---D | C]
 My Scans -> C:\Users\Owner\Documents\My Scans -> [2013/01/09 00:22:06 | 000,000,000 | ---D | C]
 win32spl.dll -> C:\Windows\SysNative\win32spl.dll -> [2013/01/08 22:31:47 | 000,750,592 | ---- | C] (Microsoft Corporation)
 win32spl.dll -> C:\Windows\SysWow64\win32spl.dll -> [2013/01/08 22:31:47 | 000,492,032 | ---- | C] (Microsoft Corporation)
 usp10.dll -> C:\Windows\SysNative\usp10.dll -> [2013/01/08 22:31:43 | 000,800,768 | ---- | C] (Microsoft Corporation)
 ncrypt.dll -> C:\Windows\SysNative\ncrypt.dll -> [2013/01/08 22:31:43 | 000,307,200 | ---- | C] (Microsoft Corporation)
 Wpc.dll -> C:\Windows\SysNative\Wpc.dll -> [2013/01/08 22:31:42 | 000,441,856 | ---- | C] (Microsoft Corporation)
 fpb.rs -> C:\Windows\SysWow64\fpb.rs -> [2013/01/08 22:31:42 | 000,046,592 | ---- | C] (Microsoft)
 fpb.rs -> C:\Windows\SysNative\fpb.rs -> [2013/01/08 22:31:42 | 000,046,592 | ---- | C] (Microsoft)
 oflc-nz.rs -> C:\Windows\SysWow64\oflc-nz.rs -> [2013/01/08 22:31:42 | 000,045,568 | ---- | C] (Microsoft)
 oflc-nz.rs -> C:\Windows\SysNative\oflc-nz.rs -> [2013/01/08 22:31:42 | 000,045,568 | ---- | C] (Microsoft)
 pegibbfc.rs -> C:\Windows\SysWow64\pegibbfc.rs -> [2013/01/08 22:31:42 | 000,044,544 | ---- | C] (Microsoft)
 pegibbfc.rs -> C:\Windows\SysNative\pegibbfc.rs -> [2013/01/08 22:31:42 | 000,044,544 | ---- | C] (Microsoft)
 csrr.rs -> C:\Windows\SysWow64\csrr.rs -> [2013/01/08 22:31:42 | 000,043,520 | ---- | C] (Microsoft)
 csrr.rs -> C:\Windows\SysNative\csrr.rs -> [2013/01/08 22:31:42 | 000,043,520 | ---- | C] (Microsoft)
 cob-au.rs -> C:\Windows\SysWow64\cob-au.rs -> [2013/01/08 22:31:42 | 000,040,960 | ---- | C] (Microsoft)
 cob-au.rs -> C:\Windows\SysNative\cob-au.rs -> [2013/01/08 22:31:42 | 000,040,960 | ---- | C] (Microsoft)
 usk.rs -> C:\Windows\SysWow64\usk.rs -> [2013/01/08 22:31:42 | 000,030,720 | ---- | C] (Microsoft)
 usk.rs -> C:\Windows\SysNative\usk.rs -> [2013/01/08 22:31:42 | 000,030,720 | ---- | C] (Microsoft)
 grb.rs -> C:\Windows\SysWow64\grb.rs -> [2013/01/08 22:31:42 | 000,021,504 | ---- | C] (Microsoft)
 grb.rs -> C:\Windows\SysNative\grb.rs -> [2013/01/08 22:31:42 | 000,021,504 | ---- | C] (Microsoft)
 pegi-pt.rs -> C:\Windows\SysWow64\pegi-pt.rs -> [2013/01/08 22:31:42 | 000,020,480 | ---- | C] (Microsoft)
 pegi-pt.rs -> C:\Windows\SysNative\pegi-pt.rs -> [2013/01/08 22:31:42 | 000,020,480 | ---- | C] (Microsoft)
 pegi.rs -> C:\Windows\SysWow64\pegi.rs -> [2013/01/08 22:31:42 | 000,020,480 | ---- | C] (Microsoft)
 pegi.rs -> C:\Windows\SysNative\pegi.rs -> [2013/01/08 22:31:42 | 000,020,480 | ---- | C] (Microsoft)
 djctq.rs -> C:\Windows\SysWow64\djctq.rs -> [2013/01/08 22:31:42 | 000,015,360 | ---- | C] (Microsoft)
 djctq.rs -> C:\Windows\SysNative\djctq.rs -> [2013/01/08 22:31:42 | 000,015,360 | ---- | C] (Microsoft)
 gameux.dll -> C:\Windows\SysNative\gameux.dll -> [2013/01/08 22:31:41 | 002,746,368 | ---- | C] (Microsoft Corporation)
 gameux.dll -> C:\Windows\SysWow64\gameux.dll -> [2013/01/08 22:31:41 | 002,576,384 | ---- | C] (Microsoft Corporation)
 Wpc.dll -> C:\Windows\SysWow64\Wpc.dll -> [2013/01/08 22:31:41 | 000,308,736 | ---- | C] (Microsoft Corporation)
 cero.rs -> C:\Windows\SysWow64\cero.rs -> [2013/01/08 22:31:41 | 000,055,296 | ---- | C] (Microsoft)
 cero.rs -> C:\Windows\SysNative\cero.rs -> [2013/01/08 22:31:41 | 000,055,296 | ---- | C] (Microsoft)
 esrb.rs -> C:\Windows\SysWow64\esrb.rs -> [2013/01/08 22:31:41 | 000,051,712 | ---- | C] (Microsoft)
 esrb.rs -> C:\Windows\SysNative\esrb.rs -> [2013/01/08 22:31:41 | 000,051,712 | ---- | C] (Microsoft)
 oflc.rs -> C:\Windows\SysWow64\oflc.rs -> [2013/01/08 22:31:41 | 000,023,552 | ---- | C] (Microsoft)
 oflc.rs -> C:\Windows\SysNative\oflc.rs -> [2013/01/08 22:31:41 | 000,023,552 | ---- | C] (Microsoft)
 pegi-fi.rs -> C:\Windows\SysWow64\pegi-fi.rs -> [2013/01/08 22:31:41 | 000,020,480 | ---- | C] (Microsoft)
 pegi-fi.rs -> C:\Windows\SysNative\pegi-fi.rs -> [2013/01/08 22:31:41 | 000,020,480 | ---- | C] (Microsoft)
 kernel32.dll -> C:\Windows\SysNative\kernel32.dll -> [2013/01/08 22:31:33 | 001,161,216 | ---- | C] (Microsoft Corporation)
 KernelBase.dll -> C:\Windows\SysNative\KernelBase.dll -> [2013/01/08 22:31:33 | 000,424,448 | ---- | C] (Microsoft Corporation)
 wow64win.dll -> C:\Windows\SysNative\wow64win.dll -> [2013/01/08 22:31:33 | 000,362,496 | ---- | C] (Microsoft Corporation)
 conhost.exe -> C:\Windows\SysNative\conhost.exe -> [2013/01/08 22:31:33 | 000,338,432 | ---- | C] (Microsoft Corporation)
 wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2013/01/08 22:31:33 | 000,243,200 | ---- | C] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysNative\ntvdm64.dll -> [2013/01/08 22:31:33 | 000,016,384 | ---- | C] (Microsoft Corporation)
 wow64cpu.dll -> C:\Windows\SysNative\wow64cpu.dll -> [2013/01/08 22:31:33 | 000,013,312 | ---- | C] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll -> [2013/01/08 22:31:33 | 000,005,120 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll -> [2013/01/08 22:31:33 | 000,005,120 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll -> [2013/01/08 22:31:33 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll -> [2013/01/08 22:31:33 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll -> [2013/01/08 22:31:33 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,006,144 | -H-- | C] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,006,144 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 taskhost.exe -> C:\Windows\SysNative\taskhost.exe -> [2013/01/08 22:31:27 | 000,068,608 | ---- | C] (Microsoft Corporation)
 Logitech -> C:\Users\Owner\AppData\Local\Logitech -> [2013/01/06 18:38:40 | 000,000,000 | ---D | C]
 LNonPnP.sys -> C:\Windows\SysNative\drivers\LNonPnP.sys -> [2013/01/06 18:38:17 | 000,018,960 | ---- | C] (Logitech, Inc.)
 Logitech Gaming Software -> C:\Program Files\Logitech Gaming Software -> [2013/01/06 18:38:04 | 000,000,000 | ---D | C]
 Logitech -> C:\Users\Owner\AppData\Roaming\Logitech -> [2013/01/06 18:37:42 | 000,000,000 | ---D | C]
 Logishrd -> C:\Users\Owner\AppData\Roaming\Logishrd -> [2013/01/06 18:37:42 | 000,000,000 | ---D | C]
 atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2012/12/21 03:00:18 | 000,367,616 | ---- | C] (Adobe Systems Incorporated)
 atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2012/12/21 03:00:18 | 000,046,080 | ---- | C] (Adobe Systems)
 atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2012/12/21 03:00:18 | 000,034,304 | ---- | C] (Adobe Systems)
 atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2012/12/21 03:00:17 | 000,295,424 | ---- | C] (Adobe Systems Incorporated)
 Skype -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype -> [2012/12/12 03:22:27 | 000,000,000 | ---D | C]
 Skype -> C:\Program Files (x86)\Common Files\Skype -> [2012/12/12 03:22:27 | 000,000,000 | ---D | C]
 Skype -> C:\Program Files (x86)\Skype -> [2012/12/12 03:22:25 | 000,000,000 | R--D | C]
 dpnet.dll -> C:\Windows\SysNative\dpnet.dll -> [2012/12/11 13:24:54 | 000,478,208 | ---- | C] (Microsoft Corporation)
 dpnet.dll -> C:\Windows\SysWow64\dpnet.dll -> [2012/12/11 13:24:54 | 000,376,832 | ---- | C] (Microsoft Corporation)
 HPDiscoPM5912.dll -> C:\Windows\SysNative\HPDiscoPM5912.dll -> [2012/11/27 19:48:16 | 000,741,480 | ---- | C] (Hewlett-Packard Co.)
 HP -> C:\Program Files\HP -> [2012/11/27 19:48:04 | 000,000,000 | ---D | C]
 Microsoft Mouse and Keyboard Center -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center -> [2012/11/27 19:27:15 | 000,000,000 | ---D | C]
 Microsoft Mouse and Keyboard Center -> C:\Program Files\Microsoft Mouse and Keyboard Center -> [2012/11/27 19:26:55 | 000,000,000 | ---D | C]
 RdpGroupPolicyExtension.dll -> C:\Windows\SysNative\RdpGroupPolicyExtension.dll -> [2012/11/27 19:26:23 | 000,015,360 | ---- | C] (Microsoft Corporation)
 TsUsbRedirectionGroupPolicyExtension.dll -> C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll -> [2012/11/27 19:26:23 | 000,013,312 | ---- | C] (Microsoft Corporation)
 TsUsbRedirectionGroupPolicyControl.exe -> C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe -> [2012/11/27 19:26:23 | 000,013,312 | ---- | C] (Microsoft Corporation)
 TsUsbFlt.sys -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2012/11/27 19:26:22 | 000,057,856 | ---- | C] (Microsoft Corporation)
 TsUsbGD.sys -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2012/11/27 19:26:22 | 000,030,208 | ---- | C] (Microsoft Corporation)
 rdpvideominiport.sys -> C:\Windows\SysNative\drivers\rdpvideominiport.sys -> [2012/11/27 19:26:22 | 000,019,456 | ---- | C] (Microsoft Corporation)
 mstscax.dll -> C:\Windows\SysWow64\mstscax.dll -> [2012/11/27 19:26:21 | 004,916,224 | ---- | C] (Microsoft Corporation)
 rdpcorets.dll -> C:\Windows\SysNative\rdpcorets.dll -> [2012/11/27 19:26:21 | 003,174,912 | ---- | C] (Microsoft Corporation)
 mstsc.exe -> C:\Windows\SysNative\mstsc.exe -> [2012/11/27 19:26:21 | 001,123,840 | ---- | C] (Microsoft Corporation)
 mstsc.exe -> C:\Windows\SysWow64\mstsc.exe -> [2012/11/27 19:26:21 | 001,048,064 | ---- | C] (Microsoft Corporation)
 wksprt.exe -> C:\Windows\SysNative\wksprt.exe -> [2012/11/27 19:26:21 | 000,384,000 | ---- | C] (Microsoft Corporation)
 aaclient.dll -> C:\Windows\SysNative\aaclient.dll -> [2012/11/27 19:26:21 | 000,322,560 | ---- | C] (Microsoft Corporation)
 aaclient.dll -> C:\Windows\SysWow64\aaclient.dll -> [2012/11/27 19:26:21 | 000,269,312 | ---- | C] (Microsoft Corporation)
 rdpudd.dll -> C:\Windows\SysNative\rdpudd.dll -> [2012/11/27 19:26:21 | 000,243,200 | ---- | C] (Microsoft Corporation)
 rdpendp_winip.dll -> C:\Windows\SysNative\rdpendp_winip.dll -> [2012/11/27 19:26:21 | 000,228,864 | ---- | C] (Microsoft Corporation)
 rdpendp_winip.dll -> C:\Windows\SysWow64\rdpendp_winip.dll -> [2012/11/27 19:26:21 | 000,192,000 | ---- | C] (Microsoft Corporation)
 TSWbPrxy.exe -> C:\Windows\SysNative\TSWbPrxy.exe -> [2012/11/27 19:26:21 | 000,062,976 | ---- | C] (Microsoft Corporation)
 MsRdpWebAccess.dll -> C:\Windows\SysNative\MsRdpWebAccess.dll -> [2012/11/27 19:26:21 | 000,054,272 | ---- | C] (Microsoft Corporation)
 MsRdpWebAccess.dll -> C:\Windows\SysWow64\MsRdpWebAccess.dll -> [2012/11/27 19:26:21 | 000,046,592 | ---- | C] (Microsoft Corporation)
 tsgqec.dll -> C:\Windows\SysNative\tsgqec.dll -> [2012/11/27 19:26:21 | 000,044,032 | ---- | C] (Microsoft Corporation)
 TsUsbGDCoInstaller.dll -> C:\Windows\SysNative\TsUsbGDCoInstaller.dll -> [2012/11/27 19:26:21 | 000,043,520 | ---- | C] (Microsoft Corporation)
 tsgqec.dll -> C:\Windows\SysWow64\tsgqec.dll -> [2012/11/27 19:26:21 | 000,037,376 | ---- | C] (Microsoft Corporation)
 wksprtPS.dll -> C:\Windows\SysNative\wksprtPS.dll -> [2012/11/27 19:26:21 | 000,018,432 | ---- | C] (Microsoft Corporation)
 wksprtPS.dll -> C:\Windows\SysWow64\wksprtPS.dll -> [2012/11/27 19:26:21 | 000,016,896 | ---- | C] (Microsoft Corporation)
 mstscax.dll -> C:\Windows\SysNative\mstscax.dll -> [2012/11/27 19:26:20 | 005,773,824 | ---- | C] (Microsoft Corporation)
 lsasrv.dll -> C:\Windows\SysNative\lsasrv.dll -> [2012/11/27 19:23:21 | 001,448,448 | ---- | C] (Microsoft Corporation)
 ProgSense -> C:\Users\Owner\AppData\Roaming\ProgSense -> [2012/11/26 23:33:58 | 000,000,000 | ---D | C]
 Downloads -> C:\Downloads -> [2012/11/26 23:33:58 | 000,000,000 | ---D | C]
 Orbit -> C:\Users\Owner\AppData\Roaming\Orbit -> [2012/11/26 23:30:38 | 000,000,000 | ---D | C]
 ESN -> C:\Users\Owner\AppData\Local\ESN -> [2012/11/25 19:54:44 | 000,000,000 | ---D | C]
 1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> 
 
[Files/Folders - Modified Within 90 Days]
 OTS.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2013/02/14 06:58:50 | 000,646,656 | ---- | M] (OldTimer Tools)
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/02/14 06:49:00 | 000,000,830 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2013/02/14 06:36:00 | 000,000,896 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2013/02/14 03:38:03 | 000,022,096 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2013/02/14 03:38:03 | 000,022,096 | -H-- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2013/02/14 03:35:03 | 000,782,838 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2013/02/14 03:35:03 | 000,662,972 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2013/02/14 03:35:03 | 000,121,840 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2013/02/14 03:31:10 | 000,000,892 | ---- | M] ()
 ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job -> C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job -> [2013/02/14 03:31:09 | 000,000,828 | ---- | M] ()
 WPRO_41_2001.sys -> C:\Windows\SysNative\drivers\WPRO_41_2001.sys -> [2013/02/14 03:30:49 | 000,034,752 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2013/02/14 03:30:39 | 000,420,088 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2013/02/14 03:30:31 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2013/02/14 03:30:11 | 4211,900,414 | -HS- | M] ()
 TrojanMedfos.B removal - Shortcut.lnk -> C:\Users\Owner\Desktop\TrojanMedfos.B removal - Shortcut.lnk -> [2013/02/13 22:28:13 | 000,003,061 | ---- | M] ()
 PnkBstrB.xtr -> C:\Windows\SysWow64\PnkBstrB.xtr -> [2013/02/13 20:19:12 | 000,281,520 | ---- | M] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2013/02/13 20:19:12 | 000,281,520 | ---- | M] ()
 PnkBstrB.ex0 -> C:\Windows\SysWow64\PnkBstrB.ex0 -> [2013/02/13 20:13:22 | 000,281,520 | ---- | M] ()
 XGU site.url -> C:\Users\Owner\Desktop\XGU site.url -> [2013/02/13 19:58:37 | 000,000,193 | ---- | M] ()
 ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job -> C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job -> [2013/02/13 13:13:01 | 000,000,830 | ---- | M] ()
 hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2013/02/12 18:35:10 | 000,000,027 | ---- | M] ()
 ComboFix.exe -> C:\Users\Owner\Desktop\ComboFix.exe -> [2013/02/12 18:27:49 | 005,033,736 | R--- | M] (Swearware)
 census.cache -> C:\Users\Owner\AppData\Local\census.cache -> [2013/02/12 02:37:43 | 006,109,848 | ---- | M] ()
 ars.cache -> C:\Users\Owner\AppData\Local\ars.cache -> [2013/02/12 02:35:02 | 000,123,618 | ---- | M] ()
 DCEBOOT.RST -> C:\Windows\DCEBOOT.RST -> [2013/02/11 22:46:43 | 000,000,398 | ---- | M] ()
 DCEBoot64.exe -> C:\Windows\DCEBoot64.exe -> [2013/02/11 22:45:50 | 000,022,064 | ---- | M] ()
 housecall.guid.cache -> C:\Users\Owner\AppData\Local\housecall.guid.cache -> [2013/02/11 22:39:32 | 000,000,036 | ---- | M] ()
 TrojanJS-Medfos.B infection - Tech Support Guy Forums.url -> C:\Users\Owner\Desktop\TrojanJS-Medfos.B infection - Tech Support Guy Forums.url -> [2013/02/11 18:17:48 | 000,001,177 | ---- | M] ()
 h4zzyvoq.exe -> C:\Users\Owner\Desktop\h4zzyvoq.exe -> [2013/02/11 17:47:49 | 000,365,568 | ---- | M] ()
 dds.scr -> C:\Users\Owner\Desktop\dds.scr -> [2013/02/11 17:46:40 | 000,688,992 | R--- | M] (Swearware)
 HijackThis.exe -> C:\Users\Owner\Desktop\HijackThis.exe -> [2013/02/11 17:46:05 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 Secunia scanner.url -> C:\Users\Owner\Desktop\Secunia scanner.url -> [2013/02/11 17:44:00 | 000,000,262 | ---- | M] ()
 indychauffuer's channel - Wright Bros.url -> C:\Users\Owner\Desktop\indychauffuer's channel - Wright Bros.url -> [2013/02/10 23:37:24 | 000,000,304 | ---- | M] ()
 Tech Support Guy - Free help for Windows 8, 7, Vista, XP, and more!.url -> C:\Users\Owner\Desktop\Tech Support Guy - Free help for Windows 8, 7, Vista, XP, and more!.url -> [2013/02/10 23:32:51 | 000,000,828 | ---- | M] ()
 Pirate Bay.url -> C:\Users\Owner\Desktop\Pirate Bay.url -> [2013/02/08 16:40:31 | 000,000,214 | ---- | M] ()
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2013/02/08 07:49:29 | 000,697,712 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2013/02/08 07:49:29 | 000,074,096 | ---- | M] (Adobe Systems Incorporated)
 L319 Gallery.url -> C:\Users\Owner\Desktop\L319 Gallery.url -> [2013/02/05 21:44:53 | 000,000,270 | ---- | M] ()
 L319-lina - Google Search.url -> C:\Users\Owner\Desktop\L319-lina - Google Search.url -> [2013/02/05 21:39:24 | 000,000,463 | ---- | M] ()
 wrap_oal.dll -> C:\Windows\SysNative\wrap_oal.dll -> [2013/01/31 23:52:20 | 000,419,840 | ---- | M] (Creative Labs)
 wrap_oal.dll -> C:\Windows\SysWow64\wrap_oal.dll -> [2013/01/31 23:52:20 | 000,413,696 | ---- | M] (Creative Labs)
 OpenAL32.dll -> C:\Windows\SysNative\OpenAL32.dll -> [2013/01/31 23:52:20 | 000,111,616 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
 OpenAL32.dll -> C:\Windows\SysWow64\OpenAL32.dll -> [2013/01/31 23:52:20 | 000,102,400 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
 Cmicnfgp.ini.cfl -> C:\Windows\Cmicnfgp.ini.cfl -> [2013/01/31 23:52:07 | 000,063,381 | ---- | M] ()
 Cmicnfgp.ini.imi -> C:\Windows\Cmicnfgp.ini.imi -> [2013/01/31 23:52:07 | 000,000,961 | ---- | M] ()
 Cmicnfgp.ini -> C:\Windows\System\Cmicnfgp.ini -> [2013/01/31 23:52:07 | 000,000,900 | ---- | M] ()
 Dlap.pfx -> C:\Windows\System\Dlap.pfx -> [2013/01/31 23:52:07 | 000,000,140 | ---- | M] ()
 .backup.dm -> C:\Users\Owner\AppData\Roaming\.backup.dm -> [2013/01/20 12:24:27 | 000,000,288 | ---- | M] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2013/01/19 11:53:34 | 000,001,109 | ---- | M] ()
 TeamWarfare League™ Community Based Gaming.url -> C:\Users\Owner\Desktop\TeamWarfare League™ Community Based Gaming.url -> [2013/01/12 12:46:58 | 000,001,115 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2013/01/09 03:08:47 | 000,776,562 | ---- | M] ()
 GiosPdfSplitterMerger.lnk -> C:\Users\Owner\Desktop\GiosPdfSplitterMerger.lnk -> [2013/01/09 00:11:12 | 000,004,696 | ---- | M] ()
 PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2013/01/08 22:08:06 | 000,076,888 | ---- | M] ()
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2013/01/08 17:19:09 | 002,312,704 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2013/01/08 17:11:06 | 001,494,528 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2013/01/08 17:10:26 | 000,237,056 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2013/01/08 17:07:51 | 000,173,056 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2013/01/08 17:07:50 | 000,816,640 | ---- | M] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2013/01/08 17:07:47 | 000,599,040 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2013/01/08 17:06:39 | 000,729,088 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2013/01/08 17:04:58 | 000,096,768 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2013/01/08 17:00:48 | 000,248,320 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2013/01/08 14:03:12 | 001,427,968 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2013/01/08 14:01:48 | 000,231,936 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2013/01/08 13:59:02 | 000,142,848 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2013/01/08 13:58:43 | 000,717,824 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2013/01/08 13:56:37 | 000,073,216 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2013/01/08 13:53:13 | 000,176,640 | ---- | M] (Microsoft Corporation)
 LNonPnP.sys -> C:\Windows\SysNative\drivers\LNonPnP.sys -> [2013/01/06 18:38:17 | 000,018,960 | ---- | M] (Logitech, Inc.)
 ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2013/01/04 21:53:43 | 005,553,512 | ---- | M] (Microsoft Corporation)
 ntkrnlpa.exe -> C:\Windows\SysWow64\ntkrnlpa.exe -> [2013/01/04 21:00:15 | 003,967,848 | ---- | M] (Microsoft Corporation)
 ntoskrnl.exe -> C:\Windows\SysWow64\ntoskrnl.exe -> [2013/01/04 21:00:11 | 003,913,064 | ---- | M] (Microsoft Corporation)
 winsrv.dll -> C:\Windows\SysNative\winsrv.dll -> [2013/01/03 21:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation)
 wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2013/01/03 20:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation)
 setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2013/01/03 18:47:35 | 000,025,600 | ---- | M] (Microsoft Corporation)
 instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2013/01/03 18:47:34 | 000,007,680 | ---- | M] (Microsoft Corporation)
 user.exe -> C:\Windows\SysWow64\user.exe -> [2013/01/03 18:47:34 | 000,002,048 | ---- | M] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2013/01/03 18:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation)
 FWPKCLNT.SYS -> C:\Windows\SysNative\drivers\FWPKCLNT.SYS -> [2013/01/02 22:00:42 | 000,288,088 | ---- | M] (Microsoft Corporation)
 TeamViewer 8.lnk -> C:\Users\Public\Desktop\TeamViewer 8.lnk -> [2012/12/31 23:08:49 | 000,001,090 | ---- | M] ()
 http--xguclan.com-gigits-stats-.url -> C:\Users\Owner\Desktop\http--xguclan.com-gigits-stats-.url -> [2012/12/21 16:59:44 | 000,000,228 | ---- | M] ()
 TeamSpeak 3 Client.lnk -> C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk -> [2012/12/17 21:49:45 | 000,001,011 | ---- | M] ()
 Core Temp.lnk -> C:\Users\Owner\Desktop\Core Temp.lnk -> [2012/12/17 21:49:45 | 000,000,992 | ---- | M] ()
 CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2012/12/17 21:49:45 | 000,000,866 | ---- | M] ()
 atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2012/12/16 09:11:22 | 000,046,080 | ---- | M] (Adobe Systems)
 atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2012/12/16 06:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated)
 atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated)
 atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems)
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation)
 Skype.lnk -> C:\Users\Public\Desktop\Skype.lnk -> [2012/12/12 03:22:27 | 000,002,515 | ---- | M] ()
 Wpc.dll -> C:\Windows\SysNative\Wpc.dll -> [2012/12/07 05:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation)
 gameux.dll -> C:\Windows\SysNative\gameux.dll -> [2012/12/07 05:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation)
 Wpc.dll -> C:\Windows\SysWow64\Wpc.dll -> [2012/12/07 04:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation)
 gameux.dll -> C:\Windows\SysWow64\gameux.dll -> [2012/12/07 04:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation)
 usk.rs -> C:\Windows\SysNative\usk.rs -> [2012/12/07 03:20:04 | 000,030,720 | ---- | M] (Microsoft)
 csrr.rs -> C:\Windows\SysNative\csrr.rs -> [2012/12/07 03:20:03 | 000,043,520 | ---- | M] (Microsoft)
 oflc.rs -> C:\Windows\SysNative\oflc.rs -> [2012/12/07 03:20:03 | 000,023,552 | ---- | M] (Microsoft)
 oflc-nz.rs -> C:\Windows\SysNative\oflc-nz.rs -> [2012/12/07 03:20:01 | 000,045,568 | ---- | M] (Microsoft)
 pegibbfc.rs -> C:\Windows\SysNative\pegibbfc.rs -> [2012/12/07 03:20:01 | 000,044,544 | ---- | M] (Microsoft)
 pegi-fi.rs -> C:\Windows\SysNative\pegi-fi.rs -> [2012/12/07 03:20:01 | 000,020,480 | ---- | M] (Microsoft)
 pegi-pt.rs -> C:\Windows\SysNative\pegi-pt.rs -> [2012/12/07 03:20:00 | 000,020,480 | ---- | M] (Microsoft)
 pegi.rs -> C:\Windows\SysNative\pegi.rs -> [2012/12/07 03:19:59 | 000,020,480 | ---- | M] (Microsoft)
 fpb.rs -> C:\Windows\SysNative\fpb.rs -> [2012/12/07 03:19:58 | 000,046,592 | ---- | M] (Microsoft)
 cob-au.rs -> C:\Windows\SysNative\cob-au.rs -> [2012/12/07 03:19:57 | 000,040,960 | ---- | M] (Microsoft)
 grb.rs -> C:\Windows\SysNative\grb.rs -> [2012/12/07 03:19:57 | 000,021,504 | ---- | M] (Microsoft)
 djctq.rs -> C:\Windows\SysNative\djctq.rs -> [2012/12/07 03:19:57 | 000,015,360 | ---- | M] (Microsoft)
 cero.rs -> C:\Windows\SysNative\cero.rs -> [2012/12/07 03:19:56 | 000,055,296 | ---- | M] (Microsoft)
 esrb.rs -> C:\Windows\SysNative\esrb.rs -> [2012/12/07 03:19:55 | 000,051,712 | ---- | M] (Microsoft)
 csrr.rs -> C:\Windows\SysWow64\csrr.rs -> [2012/12/07 02:46:42 | 000,043,520 | ---- | M] (Microsoft)
 usk.rs -> C:\Windows\SysWow64\usk.rs -> [2012/12/07 02:46:42 | 000,030,720 | ---- | M] (Microsoft)
 oflc-nz.rs -> C:\Windows\SysWow64\oflc-nz.rs -> [2012/12/07 02:46:41 | 000,045,568 | ---- | M] (Microsoft)
 pegibbfc.rs -> C:\Windows\SysWow64\pegibbfc.rs -> [2012/12/07 02:46:41 | 000,044,544 | ---- | M] (Microsoft)
 oflc.rs -> C:\Windows\SysWow64\oflc.rs -> [2012/12/07 02:46:41 | 000,023,552 | ---- | M] (Microsoft)
 pegi-pt.rs -> C:\Windows\SysWow64\pegi-pt.rs -> [2012/12/07 02:46:41 | 000,020,480 | ---- | M] (Microsoft)
 pegi-fi.rs -> C:\Windows\SysWow64\pegi-fi.rs -> [2012/12/07 02:46:40 | 000,020,480 | ---- | M] (Microsoft)
 fpb.rs -> C:\Windows\SysWow64\fpb.rs -> [2012/12/07 02:46:39 | 000,046,592 | ---- | M] (Microsoft)
 pegi.rs -> C:\Windows\SysWow64\pegi.rs -> [2012/12/07 02:46:39 | 000,020,480 | ---- | M] (Microsoft)
 grb.rs -> C:\Windows\SysWow64\grb.rs -> [2012/12/07 02:46:38 | 000,021,504 | ---- | M] (Microsoft)
 cob-au.rs -> C:\Windows\SysWow64\cob-au.rs -> [2012/12/07 02:46:37 | 000,040,960 | ---- | M] (Microsoft)
 djctq.rs -> C:\Windows\SysWow64\djctq.rs -> [2012/12/07 02:46:37 | 000,015,360 | ---- | M] (Microsoft)
 cero.rs -> C:\Windows\SysWow64\cero.rs -> [2012/12/07 02:46:36 | 000,055,296 | ---- | M] (Microsoft)
 esrb.rs -> C:\Windows\SysWow64\esrb.rs -> [2012/12/07 02:46:36 | 000,051,712 | ---- | M] (Microsoft)
 wow64win.dll -> C:\Windows\SysNative\wow64win.dll -> [2012/11/29 21:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation)
 wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2012/11/29 21:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation)
 wow64cpu.dll -> C:\Windows\SysNative\wow64cpu.dll -> [2012/11/29 21:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysNative\ntvdm64.dll -> [2012/11/29 21:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation)
 kernel32.dll -> C:\Windows\SysNative\kernel32.dll -> [2012/11/29 21:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation)
 KernelBase.dll -> C:\Windows\SysNative\KernelBase.dll -> [2012/11/29 21:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll -> [2012/11/29 21:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll -> [2012/11/29 21:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll -> [2012/11/29 20:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll -> [2012/11/29 20:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll -> [2012/11/29 20:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll -> [2012/11/29 20:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll -> [2012/11/29 20:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll -> [2012/11/29 20:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll -> [2012/11/29 20:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll -> [2012/11/29 20:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll -> [2012/11/29 20:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 conhost.exe -> C:\Windows\SysNative\conhost.exe -> [2012/11/29 19:23:48 | 000,338,432 | ---- | M] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll -> [2012/11/29 18:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll -> [2012/11/29 18:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll -> [2012/11/29 18:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll -> [2012/11/29 18:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 TWL 1vs1 Armor Ladder Match videos and commentary.url -> C:\Users\Owner\Desktop\TWL 1vs1 Armor Ladder Match videos and commentary.url -> [2012/11/28 06:33:46 | 000,002,406 | ---- | M] ()
 HP Officejet Pro 8600.lnk -> C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk -> [2012/11/27 19:48:16 | 000,002,200 | ---- | M] ()
 taskhost.exe -> C:\Windows\SysNative\taskhost.exe -> [2012/11/22 19:13:57 | 000,068,608 | ---- | M] (Microsoft Corporation)
 usp10.dll -> C:\Windows\SysNative\usp10.dll -> [2012/11/21 21:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation)
 ncrypt.dll -> C:\Windows\SysNative\ncrypt.dll -> [2012/11/19 21:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation)
 1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> 
 
[Files - No Company Name]
 TrojanMedfos.B removal - Shortcut.lnk -> C:\Users\Owner\Desktop\TrojanMedfos.B removal - Shortcut.lnk -> [2013/02/13 22:28:13 | 000,003,061 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2013/02/12 18:31:00 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2013/02/12 18:31:00 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2013/02/12 18:31:00 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2013/02/12 18:31:00 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2013/02/12 18:31:00 | 000,068,096 | ---- | C] ()
 DCEBOOT.RST -> C:\Windows\DCEBOOT.RST -> [2013/02/11 22:46:43 | 000,000,398 | ---- | C] ()
 DCEBoot64.exe -> C:\Windows\DCEBoot64.exe -> [2013/02/11 22:45:50 | 000,022,064 | ---- | C] ()
 census.cache -> C:\Users\Owner\AppData\Local\census.cache -> [2013/02/11 22:45:33 | 006,109,848 | ---- | C] ()
 ars.cache -> C:\Users\Owner\AppData\Local\ars.cache -> [2013/02/11 22:45:26 | 000,123,618 | ---- | C] ()
 housecall.guid.cache -> C:\Users\Owner\AppData\Local\housecall.guid.cache -> [2013/02/11 22:39:32 | 000,000,036 | ---- | C] ()
 TrojanJS-Medfos.B infection - Tech Support Guy Forums.url -> C:\Users\Owner\Desktop\TrojanJS-Medfos.B infection - Tech Support Guy Forums.url -> [2013/02/11 18:17:48 | 000,001,177 | ---- | C] ()
 h4zzyvoq.exe -> C:\Users\Owner\Desktop\h4zzyvoq.exe -> [2013/02/11 17:47:49 | 000,365,568 | ---- | C] ()
 Secunia scanner.url -> C:\Users\Owner\Desktop\Secunia scanner.url -> [2013/02/11 17:44:00 | 000,000,262 | ---- | C] ()
 Tech Support Guy - Free help for Windows 8, 7, Vista, XP, and more!.url -> C:\Users\Owner\Desktop\Tech Support Guy - Free help for Windows 8, 7, Vista, XP, and more!.url -> [2013/02/10 23:32:51 | 000,000,828 | ---- | C] ()
 XGU site.url -> C:\Users\Owner\Desktop\XGU site.url -> [2013/02/10 17:22:05 | 000,000,193 | ---- | C] ()
 Snipping Tool.lnk -> C:\Users\Owner\Desktop\Snipping Tool.lnk -> [2013/02/10 09:28:36 | 000,001,272 | ---- | C] ()
 Pirate Bay.url -> C:\Users\Owner\Desktop\Pirate Bay.url -> [2013/02/08 16:40:31 | 000,000,214 | ---- | C] ()
 L319 Gallery.url -> C:\Users\Owner\Desktop\L319 Gallery.url -> [2013/02/05 21:44:53 | 000,000,270 | ---- | C] ()
 L319-lina - Google Search.url -> C:\Users\Owner\Desktop\L319-lina - Google Search.url -> [2013/02/05 21:39:24 | 000,000,463 | ---- | C] ()
 .backup.dm -> C:\Users\Owner\AppData\Roaming\.backup.dm -> [2013/01/20 12:24:27 | 000,000,288 | ---- | C] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2013/01/19 11:53:34 | 000,001,109 | ---- | C] ()
 TeamWarfare League™ Community Based Gaming.url -> C:\Users\Owner\Desktop\TeamWarfare League™ Community Based Gaming.url -> [2013/01/12 12:46:58 | 000,001,115 | ---- | C] ()
 GiosPdfSplitterMerger.lnk -> C:\Users\Owner\Desktop\GiosPdfSplitterMerger.lnk -> [2013/01/09 00:11:12 | 000,004,696 | ---- | C] ()
 pbsvc.exe -> C:\Windows\SysWow64\pbsvc.exe -> [2013/01/08 22:05:25 | 002,580,552 | ---- | C] ()
 TeamViewer 8.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk -> [2012/12/31 23:08:49 | 000,001,102 | ---- | C] ()
 TeamViewer 8.lnk -> C:\Users\Public\Desktop\TeamViewer 8.lnk -> [2012/12/31 23:08:49 | 000,001,090 | ---- | C] ()
 TWL 1vs1 Armor Ladder Match videos and commentary.url -> C:\Users\Owner\Desktop\TWL 1vs1 Armor Ladder Match videos and commentary.url -> [2012/11/28 06:33:46 | 000,002,406 | ---- | C] ()
 igdde32.dll -> C:\Windows\SysWow64\igdde32.dll -> [2012/10/10 02:22:34 | 000,064,512 | ---- | C] ()
 igvpkrng700.bin -> C:\Windows\SysWow64\igvpkrng700.bin -> [2012/10/10 02:22:32 | 000,598,780 | ---- | C] ()
 igcodeckrng700.bin -> C:\Windows\SysWow64\igcodeckrng700.bin -> [2012/10/10 02:22:16 | 000,755,048 | ---- | C] ()
 HsMgr.exe -> C:\Windows\SysWow64\HsMgr.exe -> [2012/08/22 19:14:11 | 000,200,704 | ---- | C] ()
 VmixP8.dll -> C:\Windows\SysWow64\VmixP8.dll -> [2012/08/22 19:14:11 | 000,143,360 | ---- | C] ()
 Cmicnfgp.ini.cfl -> C:\Windows\Cmicnfgp.ini.cfl -> [2012/08/22 19:14:11 | 000,063,381 | ---- | C] ()
 cmasiop.ini -> C:\Windows\SysWow64\cmasiop.ini -> [2012/08/22 19:14:11 | 000,000,048 | ---- | C] ()
 Cmicnfgp.ini.imi -> C:\Windows\Cmicnfgp.ini.imi -> [2012/08/22 18:48:34 | 000,000,961 | ---- | C] ()
 Cmicnfgp.ini.cfg -> C:\Windows\Cmicnfgp.ini.cfg -> [2012/08/22 18:48:31 | 000,005,060 | ---- | C] ()
 {EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> [2012/06/25 20:34:31 | 000,000,262 | ---- | C] ()
 Ament.ini -> C:\ProgramData\Ament.ini -> [2012/06/12 18:20:24 | 000,000,057 | ---- | C] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2012/06/05 18:13:14 | 000,281,520 | ---- | C] ()
 PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2012/06/05 18:13:13 | 000,076,888 | ---- | C] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2012/06/03 20:56:51 | 000,776,562 | ---- | C] ()
 igkrng700.bin -> C:\Windows\SysWow64\igkrng700.bin -> [2012/03/19 22:37:12 | 000,755,188 | ---- | C] ()
 igfcg700m.bin -> C:\Windows\SysWow64\igfcg700m.bin -> [2012/03/19 22:37:12 | 000,561,508 | ---- | C] ()
 IusEventLog.dll -> C:\Windows\SysWow64\IusEventLog.dll -> [2012/02/02 21:08:26 | 000,001,536 | ---- | C] ()
 LogiDPP.dll -> C:\Windows\SysWow64\LogiDPP.dll -> [2012/01/17 22:44:00 | 010,920,984 | ---- | C] ()
 DevManagerCore.dll -> C:\Windows\SysWow64\DevManagerCore.dll -> [2012/01/17 22:44:00 | 000,336,408 | ---- | C] ()
 LogiDPPApp.exe -> C:\Windows\SysWow64\LogiDPPApp.exe -> [2012/01/17 22:44:00 | 000,104,472 | ---- | C] ()
< End of report >
MnM3 (thread starter; Member, Join Date: Oct 2009, Experience: Intermediate)
14-Feb-2013, 11:17 AM #8
Hmmm that was weird. I got a timeout when uploading the reply.
Since it doesn't look right, I'll attach the OTS log.

Mark
Attachment Blocked
dvk01 (Derek; Moderator & Malware Removal Specialist, authorized to help remove malware; Join Date: Dec 2002; Location: Loughton, Essex, UK)
14-Feb-2013, 04:41 PM #9
Start OTS. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


Code:
[Unregister Dlls]
[Registry - Safe List]
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "dmscsh" -> ["C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmscsh.dll",UnpackTuple]
YN -> "mdlwmt" -> ["C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\mdlwmt.dll",vExecTokenA]
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer, and whether this fixed it.
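The two Run values in the fix above are the persistence pattern worth recognising: a legitimate, signed rundll32.exe is told to load a randomly named DLL out of the user's AppData\Roaming and call an exported function, so the process that shows up in a task list is Microsoft's, while the code that runs is not. The script below is an added example (not OTS code, and not anything posted in this thread): it parses autorun command lines of that shape, pulls out the DLL path and export name, and flags entries whose DLL lives somewhere a standard user can write. The two suspicious sample values are copied from the fix; the two benign samples, the list of user-writable directory markers and the registry paths it reads on a live Windows host are assumptions for the sake of the example.

```python
"""Flag Run-key entries that use rundll32.exe to load a DLL from a user-writable
directory, the persistence pattern shown in the OTS fix above.

Added example, not code from the thread or from OTS.
"""
import re
import sys
from typing import List, NamedTuple, Optional, Tuple

# Sample Run values. The first two are the real entries from the OTS fix; the
# last two are constructed benign entries, so the check has something to ignore.
SAMPLE_RUN_VALUES: List[Tuple[str, str]] = [
    ("dmscsh", r'"C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmscsh.dll",UnpackTuple'),
    ("mdlwmt", r'"C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\mdlwmt.dll",vExecTokenA'),
    ("HP Software Update", r'"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"'),  # constructed
    ("NvCplDaemon", r"RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"),  # constructed, benign shape
]

# Path fragments (lower-case) that a non-admin user can normally write to.
# Assumed list for this example; extend it to match your environment.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


class RunDllEntry(NamedTuple):
    dll_path: str
    export: Optional[str]   # exported function rundll32 is told to call, if any


# rundll32[.exe] (optionally quoted, optionally with a full path), then the DLL
# path (quoted or bare), then an optional ",ExportName".
_RUNDLL_RE = re.compile(
    r'^\s*"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^,\s]+))'
    r"(?:\s*,\s*(?P<export>\S+))?",
    re.IGNORECASE,
)


def parse_rundll32(command: str) -> Optional[RunDllEntry]:
    """Return the DLL path and export for a rundll32 command line, else None."""
    m = _RUNDLL_RE.match(command)
    if not m:
        return None
    return RunDllEntry(m.group("qdll") or m.group("dll"), m.group("export"))


def is_suspicious(command: str) -> bool:
    """True when rundll32 loads a DLL from a user-writable location."""
    entry = parse_rundll32(command)
    if entry is None:
        return False
    path = entry.dll_path.lower()
    return any(marker in path for marker in USER_WRITABLE_MARKERS)


def scan(entries: List[Tuple[str, str]]) -> List[Tuple[str, RunDllEntry]]:
    """Return (value name, parsed entry) for every suspicious autorun value."""
    return [(name, parse_rundll32(cmd)) for name, cmd in entries if is_suspicious(cmd)]


def read_run_keys() -> List[Tuple[str, str]]:
    """Enumerate the HKLM/HKCU Run keys on a live Windows host; empty list elsewhere.

    Assumed key paths. Note: a 32-bit Python on 64-bit Windows is redirected to
    the Wow6432Node view unless KEY_WOW64_64KEY is requested.
    """
    if sys.platform != "win32":
        return []
    import winreg  # only importable on Windows

    found: List[Tuple[str, str]] = []
    hives = ((winreg.HKEY_LOCAL_MACHINE, "HKLM"), (winreg.HKEY_CURRENT_USER, "HKCU"))
    subkeys = (
        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run",
    )
    for hive, hive_name in hives:
        for sub in subkeys:
            try:
                with winreg.OpenKey(hive, sub) as key:
                    index = 0
                    while True:
                        try:
                            name, value, _ = winreg.EnumValue(key, index)
                        except OSError:
                            break  # no more values
                        found.append((f"{hive_name}\\{sub}\\{name}", str(value)))
                        index += 1
            except OSError:
                continue  # key absent (e.g. no Wow6432Node on 32-bit Windows)
    return found


if __name__ == "__main__":
    # On Windows, scan the live registry; elsewhere, fall back to the samples.
    for name, entry in scan(read_run_keys() or SAMPLE_RUN_VALUES):
        print(f"SUSPICIOUS {name}: {entry.dll_path} -> {entry.export}")
```

Run as-is on a Windows box, it walks both Run views of HKLM and HKCU and prints the rundll32 entries loading DLLs from AppData, Temp, ProgramData or Public; on anything else it runs against the embedded samples and reports the two values from the fix while passing the two benign ones. The path check is the part that matters: rundll32 entries pointing into System32 or Program Files are routine, and the signal is the combination of a trusted host binary with a DLL the user account itself could have dropped.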
MnM3 (thread starter; Member, Join Date: Oct 2009, Experience: Intermediate)
14-Feb-2013, 10:25 PM #10
Derek,

OTS fix completed.

See below for log file.

I'll reboot a couple of times and also run full MSE and Malwarebytes scans overnight to see if they find anything. I'll report findings.

BTW - What about my USB 2TB backup drive? I assume maybe I should delete old backups and do a new one when we feel this box is clean.

Thanks for your help once again.

Mark


All Processes Killed
[Registry - Safe List]
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmscsh deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mdlwmt deleted successfully.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: New folder
->Temp folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 6188 bytes
->Temporary Internet Files folder emptied: 11103024 bytes
->Java cache emptied: 1198334 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25936537 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 35283 bytes

Total Files Cleaned = 37.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: New folder

User: Owner
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: New folder

User: Owner
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02142013_181422
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.
Registry entries deleted on Reboot...
dvk01 (Derek; Moderator & Malware Removal Specialist, authorized to help remove malware; Join Date: Dec 2002; Location: Loughton, Essex, UK)
15-Feb-2013, 05:21 AM #11
It should be all OK now.
Yes, it would be sensible to delete old backups and create new ones now that it is clean.

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop.
Please double-click OTS.exe to run it.

Press Clean-Up and it will delete/uninstall all the tools we have used to fix your problems and all their backup folders, and then delete itself when you next reboot.
Then reboot.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date and vulnerable common applications on your computer, and update whatever it suggests. Download and use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all unless it is absolutely necessary, because of the too-high risk of malware infiltration.

Then pay an urgent visit to Windows Update and make sure you are fully updated; that will help to plug the security holes that let these pests in in the first place. If Windows Update doesn't work, please come back and tell us.
MnM3 (thread starter; Member, Join Date: Oct 2009, Experience: Intermediate)
15-Feb-2013, 11:41 PM #12
Derek,

I think you're right.

I ran full scans and rebooted a couple of times.
Nothing was found. Wahoo!!

I removed the search and destroy software items as instructed and am running the updater program as I write this.

Thanks for all your help. Very much appreciated.

We can mark as closed.

Mark