
Solved: X5XSEx

Discussion in 'Hardware' started by ALZN, Dec 2, 2012.

Thread Status:
Not open for further replies.
  1. ALZN

    ALZN Thread Starter

    Joined:
    Dec 2, 2012
    Messages:
    11
    Operating System: Windows 7
    Hello! I'm currently having a problem with the file 'X5XSEx' and I believe this is what's causing my computer to crash. In 'System Information' and under 'Problem Devices' it is listed:
    PNP Device ID: ROOT\LEGECY_X5XSEX\0000
    Error Code: This device is not present, is not working properly, or does not have all its drivers installed.
    After finding the problem device, I went to Device Manager and selected 'Show hidden devices' under 'View'.
    Afterward I scrolled down and found X5XSEx under 'Non-plug and Play Drivers'.
    After clicking on it, the Manufacturer and Location are listed as 'Unknown', and under the device status it reads: "This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)"
    I cannot start it up, nor is there any option to update it. How can this be fixed? :confused:
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,823
    That looks like Free Ride Games player junkware, that needs removing.


    Follow advice here and post the logs those programs make.
     
  3. ALZN

    ALZN Thread Starter

    Joined:
    Dec 2, 2012
    Messages:
    11
    Log from HijackThis:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:27:18 PM, on 12/2/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16455)
    Boot mode: Normal

    Running processes:
    C:\Users\melanie\AppData\Local\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe
    C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
    C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
    C:\ProgramData\Battle.net\Client\Blizzard Launcher.1881\Blizzard Launcher.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=do...tAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=do...tAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    R3 - URLSearchHook: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: FreeSoundRecorder - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120825210702.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: YouTube to MP3 Converter - {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Users\melanie\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
    O3 - Toolbar: FreeSoundRecorder Toolbar - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2002660311-1004659573-2410536576-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2002660311-1004659573-2410536576-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Startup: Intel(R) Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Qualcomm Gobi 2000 Download Service (Dell) (QDLService2kDell) - QUALCOMM, Inc. - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 19570 bytes


    Will post other logs soon.
     
  4. ALZN

    ALZN Thread Starter

    Joined:
    Dec 2, 2012
    Messages:
    11
    DDS Logs
    Log One:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
    Run by melanie at 16:48:10 on 2012-12-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5427 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Users\melanie\AppData\Local\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe
    C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
    C:\Users\melanie\AppData\Local\Apps\2.0\7XXME804.RG2\V0J9ECX9.3VE\curs..tion_9e9e83ddf3ed3ead_0005.0001_dafeadaaa30c70ac\CurseClient.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Users\melanie\AppData\Local\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
    C:\ProgramData\Battle.net\Client\Blizzard Launcher.1881\Blizzard Launcher.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
    mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
    uURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
    mURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120825210702.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: YouTube to MP3 Converter: {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Users\melanie\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
    TB: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Akamai NetSession Interface] "C:\Users\melanie\AppData\Local\Akamai\netsession_win.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    StartupFolder: C:\Users\melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\Users\melanie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{6EBA2D7E-92A1-4CF8-9921-9AB14D350156} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{6EBA2D7E-92A1-4CF8-9921-9AB14D350156}\2375942554832373 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{6EBA2D7E-92A1-4CF8-9921-9AB14D350156}\36F6374716 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{6EBA2D7E-92A1-4CF8-9921-9AB14D350156}\46C696E6B6 : DHCPNameServer = 192.168.0.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120626203838.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
    x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
    FF - prefs.js: keyword.URL -
    FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\melanie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-11-14 21:00; [email protected]; C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\[email protected]
    FF - ExtSQL: 2012-11-14 21:01; {32b29df0-2237-4370-9a29-37cebb730e9b}; C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
    FF - ExtSQL: 2012-11-15 20:16; [email protected]; C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994&q=
    FF - user.js: extensions.funmoods.id - 848F69C47514F752
    FF - user.js: extensions.funmoods.instlDay - 15658
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:59:59
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - download
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - download
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 752672]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 335784]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-21 55856]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-1-21 21616]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-14 283200]
    R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-10-8 284008]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-1-21 98208]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-1-21 237920]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-1-21 218320]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-1-21 177144]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
    R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-6-25 331512]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-21 1692480]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-2 6583160]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-27 3027840]
    R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-2 528760]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-21 2656280]
    R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-1-21 27760]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 69672]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-1-21 176096]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 300392]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 513456]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-1-21 82432]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-1-21 181760]
    R3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);C:\Windows\System32\drivers\qcfilterdl2k.sys [2012-1-21 6400]
    R3 qcusbnetdl2k;Gobi 2000 USB-NDIS miniport(413C-8186);C:\Windows\System32\drivers\qcusbnetdl2k.sys [2012-1-21 443392]
    R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);C:\Windows\System32\drivers\qcusbserdl2k.sys [2012-1-21 230784]
    R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2012-1-21 29288]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-21 428136]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-26 196440]
    S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-1-21 158976]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-1-21 224704]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 106112]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]
    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-1-21 121960]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-27 1255736]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-12-02 20:15:32 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1404B5CF-D426-4D05-AF28-E03D8982F8C3}\offreg.dll
    2012-12-02 19:13:32 -------- d-----w- C:\Program Files (x86)\Advanced Fix 2012
    2012-12-02 19:09:06 -------- d-----w- C:\Users\melanie\AppData\Local\Avg2013
    2012-12-02 19:01:03 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
    2012-12-02 18:49:27 -------- d-----w- C:\Program Files (x86)\RegistryNuke 2012
    2012-12-02 15:59:22 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-02 15:59:22 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-02 01:31:51 35192 ----a-w- C:\Windows\System32\TURegOpt.exe
    2012-12-02 01:31:51 26488 ----a-w- C:\Windows\System32\authuitu.dll
    2012-12-02 01:31:50 21880 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2012-12-02 01:31:17 -------- d-----w- C:\Users\melanie\AppData\Roaming\AVG
    2012-12-02 01:30:05 -------- d-----w- C:\ProgramData\AVG
    2012-12-02 01:29:46 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-12-01 23:34:17 -------- d-----w- C:\Program Files (x86)\World of Warcraft
    2012-12-01 22:38:09 -------- d-----w- C:\Users\melanie\AppData\Roaming\TuneUp Software
    2012-12-01 22:36:34 -------- d-----w- C:\Program Files (x86)\AVG
    2012-12-01 21:30:48 -------- d-----w- C:\Users\melanie\AppData\Local\MFAData
    2012-12-01 21:30:48 -------- d-----w- C:\ProgramData\MFAData
    2012-12-01 20:49:46 144896 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
    2012-12-01 20:49:42 104448 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
    2012-12-01 16:15:47 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-12-01 16:15:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-01 16:11:28 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2012-11-30 20:13:38 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1404B5CF-D426-4D05-AF28-E03D8982F8C3}\mpengine.dll
    2012-11-24 15:03:52 -------- d-----w- C:\Users\melanie\AppData\Roaming\Auslogics
    2012-11-24 15:02:57 -------- d-----w- C:\Program Files (x86)\Auslogics
    2012-11-19 19:54:29 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-19 19:54:29 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-19 19:54:29 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-19 19:54:29 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-18 15:47:05 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-18 15:47:05 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-18 15:47:04 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-18 15:47:04 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-18 15:47:04 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-18 15:47:04 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-18 15:47:04 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-15 02:01:23 -------- d-----w- C:\Program Files (x86)\FreeSoundRecorder
    2012-11-15 02:01:19 -------- d-----w- C:\Users\melanie\AppData\Roaming\Free Sound Recorder
    2012-11-15 02:01:15 602112 ----a-w- C:\Windows\SysWow64\NCTAudioTransform2.dll
    2012-11-15 02:01:15 479232 ----a-w- C:\Windows\SysWow64\NCTAudioVisualization2.dll
    2012-11-15 02:01:15 417792 ----a-w- C:\Windows\SysWow64\NCTTextToAudio2.dll
    2012-11-15 02:01:15 348160 ----a-w- C:\Windows\SysWow64\NCTWMAFile2.dll
    2012-11-15 02:01:14 880640 ----a-w- C:\Windows\SysWow64\NCTAudioEditor2.dll
    2012-11-15 02:01:14 835584 ----a-w- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll
    2012-11-15 02:01:14 458752 ----a-w- C:\Windows\SysWow64\NCTAudioRecord2.dll
    2012-11-15 02:01:14 458752 ----a-w- C:\Windows\SysWow64\NCTAudioPlayer2.dll
    2012-11-15 02:01:14 1986560 ----a-w- C:\Windows\SysWow64\NCTAudioFile2.dll
    2012-11-15 02:01:14 1212416 ----a-w- C:\Windows\SysWow64\NCTAudioInformation2.dll
    2012-11-15 02:01:14 -------- d-----w- C:\Program Files (x86)\Free Sound Recorder
    2012-11-12 01:36:07 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2012-11-12 01:34:07 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
    2012-11-12 01:33:10 -------- d-----w- C:\Program Files (x86)\HP
    2012-11-12 01:32:06 -------- d-----w- C:\Program Files\HP
    .
    ==================== Find3M ====================
    .
    2012-12-01 16:15:34 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-10-22 22:39:58 12887552 ----a-w- C:\Windows\System32\ig4icd64.dll
    2012-10-22 22:39:56 10674176 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
    2012-10-22 22:39:54 5903392 ----a-w- C:\Windows\System32\GfxUI.exe
    2012-10-22 22:39:54 399392 ----a-w- C:\Windows\System32\hkcmd.exe
    2012-10-22 22:39:54 173568 ----a-w- C:\Windows\System32\gfxSrvc.dll
    2012-10-22 22:39:54 110592 ----a-w- C:\Windows\System32\hccutils.dll
    2012-10-22 22:39:50 185376 ----a-w- C:\Windows\System32\difx64.exe
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 21:08:26 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-10-02 19:50:57 866664 ----a-w- C:\Windows\System32\nv3dappshext.dll
    2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-10-02 19:50:57 55144 ----a-w- C:\Windows\System32\nv3dappshextr.dll
    2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 16:48:46.14 ===============

    Log Two:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/25/2012 11:51:45 AM
    System Uptime: 12/2/2012 2:21:55 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0NJT03
    Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU | 2201/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 679 GiB total, 414.392 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: X5XSEx
    Device ID: ROOT\LEGACY_X5XSEX\0000
    Manufacturer:
    Name: X5XSEx
    PNP Device ID: ROOT\LEGACY_X5XSEX\0000
    Service: X5XSEx
    .
    ==== System Restore Points ===================
    .
    RP181: 11/27/2012 11:13:02 AM - Windows Update
    RP182: 11/28/2012 7:01:45 PM - Windows Update
    RP183: 12/1/2012 11:14:18 AM - Installed Java 7 Update 9
    RP184: 12/1/2012 5:35:32 PM - Installed AVG 2013
    RP185: 12/1/2012 5:36:55 PM - Installed AVG 2013
    RP186: 12/1/2012 8:30:14 PM - Installed AVG PC TuneUp
    RP187: 12/2/2012 8:31:35 AM - Removed eBay
    RP188: 12/2/2012 1:54:24 PM - Removed Steam
    RP189: 12/2/2012 2:07:49 PM - Removed AVG 2013
    RP190: 12/2/2012 2:09:08 PM - Removed AVG 2013
    .
    ==== Installed Programs ======================
    .
    µTorrent
    AccelerometerP11
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.1.4) MUI
    Advanced Audio FX Engine
    Akamai NetSession Interface
    Amazon Kindle
    Amnesia - The Dark Descent
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Auslogics BoostSpeed
    AVG PC TuneUp
    AVG PC TuneUp Language Pack (en-US)
    Avid Studio
    Bamboo
    Bamboo Dock
    Blio
    Bonjour
    Cozi
    Curse Client
    D3DX10
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Digital Delivery
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Mobile Broadband Utility
    Dell MusicStage
    Dell PhotoStage
    Dell Stage
    Dell Support Center
    Dell VideoStage
    Dell Webcam Central
    DirectX 9 Runtime
    eBay
    Eusing Free Registry Cleaner
    Free Sound Recorder v9.3.1
    FreeSoundRecorder Toolbar
    Google Chrome
    High-Definition Video Playback
    InstallVC90Support
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel(R) Turbo Boost Technology Monitor 2.0
    Intel(R) WiDi
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 7 Update 1 (64-bit)
    Junk Mail filter update
    McAfee SecurityCenter
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Mozilla Firefox 16.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Movie ThemePack Basic
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA Optimus 1.10.8
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    Pando Media Booster
    PDF Settings CS5
    PhotoShowExpress
    Pinnacle Video Driver
    PlayReady PC Runtime x86
    Portal 1 version 1.0
    Qualcomm Gobi 2000 Package for Dell
    Quickset64
    RBVirtualFolder64Inst
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Roxio File Backup
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    Shared C Run-time for x64
    Skype™ 5.10
    Sonic CinePlayer Decoder Pack
    Synaptics Pointing Device Driver
    SyncUP
    System Requirements Lab CYRI
    TeamViewer 7
    The Sims 3 Ultimate Bundle
    The Sims™ 3
    The Sims™ 3 Generations
    The Sims™ 3 Master Suite Stuff
    The Sims™ 3 Pets
    The Sims™ 3 Town Life Stuff
    TrustedID
    Ubisoft Game Launcher
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Ventrilo Client
    Visual Studio 2010 x64 Redistributables
    VOCALOID Expression DB (Leon)
    VOCALOID Expression DB (Standard)
    VOCALOID Voice DB (Leon)
    WebTablet FB Plugin
    WebTablet IE Plugin
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.11 (32-bit)
    World of Warcraft
    YouTube to MP3 Converter
    Zinio Reader 4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/2/2012 9:33:19 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    12/2/2012 4:45:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    12/2/2012 3:35:18 PM, Error: Service Control Manager [7000] - The X5XSEx service failed to start due to the following error: The system cannot find the path specified.
    12/2/2012 2:29:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    12/2/2012 2:25:01 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
    12/2/2012 12:01:11 PM, Error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    12/2/2012 12:00:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff8880aa8fff8, 0x0000000000000002, 0x0000000000000001, 0xfffff8800f415046). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120212-34725-01.
    12/2/2012 11:35:29 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
    12/2/2012 1:39:45 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    12/1/2012 5:32:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff8882328fff8, 0x0000000000000002, 0x0000000000000001, 0xfffff8800f398046). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120112-20373-01.
    12/1/2012 4:26:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff8880ab7fff8, 0x0000000000000002, 0x0000000000000001, 0xfffff8800f556046). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120112-21855-01.
    11/30/2012 6:17:33 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    11/30/2012 5:55:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800d9fe4e0, 0xfffff8800f4568f4, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 113012-17784-01.
    11/29/2012 3:02:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8009531a10, 0xfffff80000b9c3d8, 0xfffffa80078f8e10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112912-20482-01.
    11/28/2012 7:02:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
    11/28/2012 5:39:11 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "5" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
    11/27/2012 4:04:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000117 (0xfffffa800cf4a120, 0xfffff8800f3968f4, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\112712-15537-01.dmp. Report Id: 112712-15537-01.
    11/25/2012 6:50:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    .
    ==== End Of File ===========================
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,823
    first
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click delete.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[S1].txt.
     
  6. ALZN

    ALZN Thread Starter

    Joined:
    Dec 2, 2012
    Messages:
    11
    File Contents from AdwCleaner:
    # AdwCleaner v2.011 - Logfile created 12/02/2012 at 17:18:49
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : melanie - MELANIE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\melanie\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\user.js
    File Deleted : C:\Users\melanie\AppData\Local\funmoods.crx
    File Deleted : C:\Users\melanie\AppData\Local\funmoods-speeddial_sf.crx
    File Deleted : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\searchplugins\funmoods.xml
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\FreeSoundRecorder
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\Users\melanie\AppData\Local\Babylon
    Folder Deleted : C:\Users\melanie\AppData\Local\Conduit
    Folder Deleted : C:\Users\melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Folder Deleted : C:\Users\melanie\AppData\Local\Temp\avg@toolbar
    Folder Deleted : C:\Users\melanie\AppData\Local\Temp\BabylonToolbar
    Folder Deleted : C:\Users\melanie\AppData\Local\Temp\CT2704262
    Folder Deleted : C:\Users\melanie\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\melanie\AppData\LocalLow\FreeSoundRecorder
    Folder Deleted : C:\Users\melanie\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\CT2704262
    Folder Deleted : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
    Folder Deleted : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\extensions\[email protected]
    Folder Deleted : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\Smartbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKCU\Software\AppDataLow\Software\FreeSoundRecorder
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\FreeSoundRecorder
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E72EB3-4FBF-4944-8C25-8A54C9DEE378}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C76877FE-6708-4501-BF23-8301ED363C99}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoundRecorder Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Key Deleted : HKU\S-1-5-21-2002660311-1004659573-2410536576-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKU\S-1-5-21-2002660311-1004659573-2410536576-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyEyByDtCyE0FyByDtBtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=410356994 --> hxxp://www.google.com

    -\\ Mozilla Firefox v16.0.1 (en-US)

    Profile name : default
    File : C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\prefs.js

    C:\Users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\user.js ... Deleted !

    -\\ Google Chrome v23.0.1271.95

    File : C:\Users\melanie\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S2].txt - [19955 octets] - [02/12/2012 17:18:49]

    ########## EOF - C:\AdwCleaner[S2].txt - [20016 octets] ##########
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,823
    next

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted).

    Post the log in next reply please...
     
  8. ALZN

    ALZN Thread Starter

    Joined:
    Dec 2, 2012
    Messages:
    11
    ComboFix 12-12-02.01 - melanie 12/02/2012 19:03:43.1.8 - x64
    Running from: c:\users\melanie\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\6032\AddOnDownloaded\111e1115-314f-4404-be4a-ad58e8e2423d.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\1b075935-6b9c-41c2-8914-643bfe886db8.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\21eb1c2f-b0d8-40e6-96dd-163437759b68.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\2f733848-355c-4a6f-89a5-08a4dcc89c5c.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\35445406-e7ed-4a0e-9922-45505e71594b.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\358ba71b-117f-40d5-95aa-57de622719b7.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3d656744-60b2-4576-8124-a39729f8b522.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\406007ac-5ba8-43e6-97b6-0c6ed58bb6e8.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\489f121a-4538-4839-9d1d-3c48e590be59.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\4cfdf1e7-d0b2-449c-bd2d-084cd975e5d8.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\4f64943e-d62a-4f2e-a3cd-98fb91e30469.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\7119bf4b-d404-4b31-8779-44fac71761fa.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\72f0dc20-5af7-4221-9657-442597ce030b.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\73a14ca6-4567-413f-a60f-d04159cb72eb.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\75c8751b-fcad-4846-80ce-3a2efec60612.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\7779c9df-2dc0-4fd5-92bb-c64027285f8b.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\8a7e779d-1e14-4f91-a1b0-82dc746441b1.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\9881c561-a45a-4c53-9d45-de93a99e2898.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\cb7af81b-44d9-4f99-b223-18a71e8c85b6.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\d3ef65ec-842a-4640-b428-aca2f4a966e6.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\d78fa15b-2d61-4303-adaa-edec9ebbb2b3.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\e16f2788-babe-4a60-93d0-d507a5228753.dll
    c:\programdata\Roaming
    Y:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-02 23:55 . 2012-12-02 23:55 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1404B5CF-D426-4D05-AF28-E03D8982F8C3}\offreg.dll
    2012-12-02 19:13 . 2012-12-02 21:18 -------- d-----w- c:\program files (x86)\Advanced Fix 2012
    2012-12-02 19:09 . 2012-12-02 19:09 -------- d-----w- c:\users\melanie\AppData\Local\Avg2013
    2012-12-02 19:01 . 2012-12-02 22:38 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
    2012-12-02 18:49 . 2012-12-02 18:53 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
    2012-12-02 15:59 . 2012-12-02 15:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-02 15:59 . 2012-12-02 15:59 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-02 01:31 . 2012-12-02 01:31 -------- d-----w- c:\users\melanie\AppData\Roaming\AVG
    2012-12-02 01:30 . 2012-12-02 01:31 -------- d-----w- c:\programdata\AVG
    2012-12-02 01:29 . 2012-12-02 01:29 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-12-01 23:34 . 2012-12-02 17:48 -------- d-----w- c:\program files (x86)\World of Warcraft
    2012-12-01 22:38 . 2012-12-01 22:38 -------- d-----w- c:\users\melanie\AppData\Roaming\TuneUp Software
    2012-12-01 21:30 . 2012-12-02 19:10 -------- d-----w- c:\programdata\MFAData
    2012-12-01 21:30 . 2012-12-01 21:30 -------- d-----w- c:\users\melanie\AppData\Local\MFAData
    2012-12-01 20:49 . 2012-05-15 12:13 144896 ----a-w- c:\windows\system32\IntelOpenCL64.dll
    2012-12-01 20:49 . 2012-05-15 11:20 104448 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
    2012-12-01 17:43 . 2012-12-01 17:43 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-12-01 16:15 . 2012-12-01 16:15 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-12-01 16:15 . 2012-12-01 16:15 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-01 16:11 . 2012-12-01 16:11 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
    2012-12-01 16:11 . 2012-12-01 16:11 -------- d-----w- c:\users\melanie\AppData\Roaming\SystemRequirementsLab
    2012-11-30 20:13 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1404B5CF-D426-4D05-AF28-E03D8982F8C3}\mpengine.dll
    2012-11-24 15:03 . 2012-11-24 15:08 -------- d-----w- c:\users\melanie\AppData\Roaming\Auslogics
    2012-11-24 15:02 . 2012-12-03 00:02 -------- d-----w- c:\program files (x86)\Auslogics
    2012-11-19 19:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-19 19:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-19 19:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-19 19:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-18 15:47 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-18 15:47 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-18 15:47 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-18 15:47 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-18 15:47 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-18 15:47 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-18 15:47 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-15 02:01 . 2012-11-15 02:05 -------- d-----w- c:\users\melanie\AppData\Roaming\Free Sound Recorder
    2012-11-15 02:01 . 2005-04-04 22:21 602112 ----a-w- c:\windows\SysWow64\NCTAudioTransform2.dll
    2012-11-15 02:01 . 2005-03-28 20:54 479232 ----a-w- c:\windows\SysWow64\NCTAudioVisualization2.dll
    2012-11-15 02:01 . 2005-03-28 20:52 417792 ----a-w- c:\windows\SysWow64\NCTTextToAudio2.dll
    2012-11-15 02:01 . 2005-02-24 16:51 348160 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
    2012-11-15 02:01 . 2012-11-15 02:01 -------- d-----w- c:\program files (x86)\Free Sound Recorder
    2012-11-15 02:01 . 2005-05-18 16:52 1212416 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
    2012-11-15 02:01 . 2005-05-17 17:37 1986560 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
    2012-11-15 02:01 . 2005-04-25 18:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
    2012-11-15 02:01 . 2005-04-25 18:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll
    2012-11-15 02:01 . 2005-04-15 17:08 880640 ----a-w- c:\windows\SysWow64\NCTAudioEditor2.dll
    2012-11-15 02:01 . 2004-11-04 18:31 835584 ----a-w- c:\windows\SysWow64\NCTAudioCDGrabber2.dll
    2012-11-12 01:36 . 2012-11-12 01:36 -------- d-----w- c:\users\melanie\AppData\Roaming\Yahoo!
    2012-11-12 01:36 . 2012-11-12 01:36 -------- d-----w- c:\programdata\Yahoo! Companion
    2012-11-12 01:36 . 2012-11-12 16:53 -------- d-----w- c:\program files (x86)\Yahoo!
    2012-11-12 01:34 . 2012-11-12 01:34 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
    2012-11-12 01:33 . 2012-11-12 16:53 -------- d-----w- c:\program files (x86)\HP
    2012-11-12 01:32 . 2012-11-12 01:32 -------- d-----w- c:\program files\HP
    2012-11-12 01:30 . 2012-11-12 16:53 -------- d-----w- c:\programdata\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-01 16:15 . 2012-01-21 15:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-18 15:47 . 2012-01-28 14:16 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-10-22 22:40 . 2012-10-22 22:40 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
    2012-10-22 22:40 . 2012-10-22 22:40 524800 ----a-w- c:\windows\system32\iglhsip64.dll
    2012-10-22 22:40 . 2012-10-22 22:40 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
    2012-10-22 22:40 . 2012-10-22 22:40 513056 ----a-w- c:\windows\system32\igfxsrvc.exe
    2012-10-22 22:40 . 2012-10-22 22:40 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrita.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 410624 ----a-w- c:\windows\system32\igfxTMM.dll
    2012-10-22 22:40 . 2012-10-22 22:40 272928 ----a-w- c:\windows\system32\igvpkrng600.bin
    2012-10-22 22:40 . 2012-10-22 22:40 216064 ----a-w- c:\windows\system32\iglhcp64.dll
    2012-10-22 22:40 . 2012-10-22 22:40 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
    2012-10-22 22:40 . 2012-10-22 22:40 171040 ----a-w- c:\windows\system32\igfxtray.exe
    2012-10-22 22:40 . 2012-10-22 22:40 116224 ----a-w- c:\windows\system32\igfxCoIn_v2875.dll
    2012-10-22 22:40 . 2012-01-21 16:29 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
    2012-10-22 22:40 . 2012-10-22 22:40 440320 ----a-w- c:\windows\system32\igfxrell.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 439808 ----a-w- c:\windows\system32\igfxresn.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
    2012-10-22 22:40 . 2012-01-21 16:29 9007616 ----a-w- c:\windows\system32\igfxress.dll
    2012-10-22 22:40 . 2012-10-22 22:40 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2012-10-22 22:40 . 2012-10-22 22:40 640512 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
    2012-10-22 22:40 . 2012-10-22 22:40 518656 ----a-w- c:\windows\system32\igfxcmrt64.dll
    2012-10-22 22:40 . 2012-10-22 22:40 441888 ----a-w- c:\windows\system32\igfxpers.exe
    2012-10-22 22:40 . 2012-10-22 22:40 441344 ----a-w- c:\windows\system32\igfxdev.dll
    2012-10-22 22:40 . 2012-10-22 22:40 435712 ----a-w- c:\windows\system32\igfxrara.lrc
    2012-10-22 22:40 . 2012-10-22 22:40 384512 ----a-w- c:\windows\system32\igfxpph.dll
    2012-10-22 22:40 . 2012-10-22 22:40 3510784 ----a-w- c:\windows\system32\igfxcmjit64.dll
    2012-10-22 22:40 . 2012-10-22 22:40 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll
    2012-10-22 22:40 . 2012-10-22 22:40 252448 ----a-w- c:\windows\system32\igfxext.exe
    2012-10-22 22:40 . 2012-10-22 22:40 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
    2012-10-22 22:40 . 2012-10-22 22:40 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2012-10-22 22:40 . 2012-10-22 22:40 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
    2012-10-22 22:40 . 2012-01-21 16:29 28672 ----a-w- c:\windows\system32\igfxexps.dll
    2012-10-22 22:40 . 2012-10-22 22:40 483840 ----a-w- c:\windows\system32\igfx11cmrt64.dll
    2012-10-22 22:40 . 2012-10-22 22:40 459264 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
    2012-10-22 22:40 . 2012-10-22 22:40 3121152 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
    2012-10-22 22:40 . 2012-01-21 16:29 12615168 ----a-w- c:\windows\system32\igdumd64.dll
    2012-10-22 22:40 . 2012-01-21 16:29 11049472 ----a-w- c:\windows\SysWow64\igdumd32.dll
    2012-10-22 22:40 . 2012-10-22 22:40 5332896 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
    2012-10-22 22:40 . 2012-10-22 22:40 80384 ----a-w- c:\windows\system32\igdde64.dll
    2012-10-22 22:40 . 2012-10-22 22:40 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
    2012-10-22 22:40 . 2012-01-21 16:29 12854272 ----a-w- c:\windows\system32\igd10umd64.dll
    2012-10-22 22:40 . 2012-01-21 16:29 11171840 ----a-w- c:\windows\SysWow64\igd10umd32.dll
    2012-10-22 22:40 . 2012-10-22 22:40 963452 ----a-w- c:\windows\system32\igcodeckrng600.bin
    2012-10-22 22:39 . 2012-10-22 22:39 12887552 ----a-w- c:\windows\system32\ig4icd64.dll
    2012-10-22 22:39 . 2012-10-22 22:39 10674176 ----a-w- c:\windows\SysWow64\ig4icd32.dll
    2012-10-22 22:39 . 2012-10-22 22:39 5903392 ----a-w- c:\windows\system32\GfxUI.exe
    2012-10-22 22:39 . 2012-10-22 22:39 399392 ----a-w- c:\windows\system32\hkcmd.exe
    2012-10-22 22:39 . 2012-10-22 22:39 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
    2012-10-22 22:39 . 2012-01-21 16:29 110592 ----a-w- c:\windows\system32\hccutils.dll
    2012-10-22 22:39 . 2012-10-22 22:39 185376 ----a-w- c:\windows\system32\difx64.exe
    2012-10-16 08:38 . 2012-11-28 20:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 20:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 20:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-08 21:08 . 2012-10-08 21:08 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-10-08 16:42 . 2012-10-08 16:42 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-10-08 16:42 . 2012-01-21 16:29 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-10-08 16:42 . 2012-10-08 16:42 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-10-08 16:42 . 2012-10-08 16:42 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-10-08 16:42 . 2012-01-21 16:29 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-10-08 16:42 . 2012-10-08 16:42 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-10-08 16:42 . 2012-01-21 16:29 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-10-08 16:42 . 2012-01-21 16:29 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-10-08 16:42 . 2012-10-08 16:42 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-10-08 16:42 . 2012-10-08 16:42 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-10-08 16:42 . 2012-10-08 16:42 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
    2012-10-08 16:42 . 2012-10-08 16:42 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-10-08 16:42 . 2012-10-08 16:42 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-10-08 16:42 . 2012-10-08 16:42 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-10-08 16:42 . 2012-01-21 16:29 247144 ----a-w- c:\windows\system32\nvinitx.dll
    2012-10-08 16:42 . 2012-10-08 16:42 9146728 ----a-w- c:\windows\system32\nvcuda.dll
    2012-10-08 16:42 . 2012-10-08 16:42 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2012-10-08 16:42 . 2012-10-08 16:42 7414632 ----a-w- c:\windows\system32\nvopencl.dll
    2012-10-08 16:42 . 2012-01-21 16:29 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-10-08 16:42 . 2012-10-08 16:42 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-08 16:42 . 2012-01-21 16:29 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-10-08 16:42 . 2012-10-08 16:42 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E71596B0-A83B-453D-82C1-4BE99947C65F}]
    2012-03-23 08:13 107328 ----a-w- c:\users\melanie\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
    "Akamai NetSession Interface"="c:\users\melanie\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2010-12-12 121960]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-27 1255736]
    R3 X6va005;X6va005;c:\users\melanie\AppData\Local\Temp\005D90F.tmp [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-14 283200]
    S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-08 284008]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
    S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-06-25 331512]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
    S3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\DRIVERS\qcfilterdl2k.sys [2010-08-25 6400]
    S3 qcusbnetdl2k;Gobi 2000 USB-NDIS miniport(413C-8186);c:\windows\system32\DRIVERS\qcusbnetdl2k.sys [2010-08-25 443392]
    S3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\DRIVERS\qcusbserdl2k.sys [2010-08-25 230784]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - TuneUpUtilitiesDrv
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-02 15:59]
    .
    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002660311-1004659573-2410536576-1001Core.job
    - c:\users\melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-25 20:45]
    .
    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002660311-1004659573-2410536576-1001UA.job
    - c:\users\melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-25 20:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-22 171040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-22 399392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-22 441888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\xxiprtz5.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    Completion time: 2012-12-02 19:13:57
    ComboFix-quarantined-files.txt 2012-12-03 00:13
    .
    Pre-Run: 446,233,264,128 bytes free
    Post-Run: 446,182,932,480 bytes free
    .
    - - End Of File - - 1750BBB00FA21EC0723F1F4BF39DE8CA
     
  10. ALZN

    ALZN Thread Starter

    Joined:
    Dec 2, 2012
    Messages:
    11
    Right now I'm looking to see if the computer will crash like it did previously.
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,823
    Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post, and if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose desktop in the list of selections in that window, and press Save).

    Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.

    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.



    [​IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
     


  12. ALZN

    ALZN Thread Starter

    Joined:
    Dec 2, 2012
    Messages:
    11
    After my computer reset from ComboFix and I copied the report, I was unable to open any browser. The error message I received stated that it was marked for deletion. Honestly, I freaked out. I then restarted my computer and all the files are working fine now, but I'm unable to find the Combofix.txt file. However I checked for my problem devices and X5XSEx is no longer listed. I also checked in my Device Manager and X5XSEx is absent! I have an image file of what my Device Manager currently looks like, however I am unable to insert an image?
     
  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,823
    Look in C:\qoobox for the Combofix.txt.

    Are you still getting any problems now, or have they all cleared up?
     
  14. ALZN

    ALZN Thread Starter

    Joined:
    Dec 2, 2012
    Messages:
    11
    I haven't been getting any problems!
    I have found the files Add-Remove Programs.txt, CFScript_used_2012-12-03_18.22.16.txt, and ComboFix-quarantined-files.txt that were created yesterday. Do I post the contents of all or just one specific file?
    .
     
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,823
    There should just be a Combofix.txt and a combofix2.txt in Qoobox. If they aren't there, please look inside the quarantine folder inside Qoobox.
    That is the file I need to see, not the others, to make sure CF did deal with it.
     

Short URL to this thread: https://techguy.org/1079262