
Trojan:JS/Medfos.B infection

Discussion in 'Virus & Other Malware Removal' started by MnM3, Feb 11, 2013.

    MnM3 (Thread Starter)
    Joined: Oct 11, 2009
    Messages: 23
    Howdy,

    Since last night MSE has been identifying Trojan:JS/Medfos.B every couple of minutes and quarantining it.
    However, after running a bunch of scans, none of my anti-virus software (MSE, Malwarebytes or AdwCleaner) can detect it. I understand it is a nasty virus that changes itself, so detection is difficult.

    So far my system appears to be running OK - no hijacks or slowdowns... but I want to get rid of this nasty one.

    BTW - I have a 2TB USB backup that runs nightly. I did not run a backup last night. However, without knowing if the virus has a delay feature, I'm not sure whether or not the virus got into the backups. The backup drive is unplugged for now.
    Is it safe to assume that, since a backup is a one-way process, I can do a fresh backup once we clean my computer and then delete the old backups?

    Thanks,
    MnM3

    Below are the requested logs:

    HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:59:34 PM, on 2/11/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Windows\SysWOW64\HsMgr.exe
    C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: 7.184.80.56 SERVER #Windows Home Server#
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Google Analytics Opt-out Browser Add-on - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN233BQ0WY05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Windows Home Server.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 11214 bytes

    DDS log:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by Owner at 18:00:22 on 2013-02-11
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16278.13793 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Windows Home Server\esClient.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\SysWOW64\HsMgr.exe
    C:\Windows\system\HsMgr64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    C:\Program Files\Windows Home Server\WHSTrayApp.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    C:\Program Files\Windows Home Server\WHSConnector.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k swprv
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Owner\Desktop\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Google Analytics Opt-out Browser Add-on: {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [WorldClock] <no file>
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [WorldClock] <no file>
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{7C34C74E-B5F2-42BD-8BC6-A575C34F7414} : DHCPNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
    x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
    x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
    x64-Run: [zrmito] rundll32.exe "C:\Users\Owner\AppData\Roaming\zrmito.dll",GetSystemParameter
    x64-Run: [mdlwmt] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\mdlwmt.dll",vExecTokenA
    x64-Run: [dmscsh] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmscsh.dll",UnpackTuple
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 7.184.80.56 SERVER #Windows Home Server#
    ============= SERVICES / DRIVERS ===============
    .
    R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-17 16152]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-5-17 17192]
    R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]
    R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-17 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-17 121344]
    R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-17 161560]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-31 3467768]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-17 450848]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-17 363800]
    R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
    R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2012-8-22 2725376]
    R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-17 25632]
    R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
    R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-17 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-17 787736]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
    R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-2 66360]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-17 351136]
    R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2011-3-3 4865568]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-6-12 35112]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
    R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-5-17 34752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
    S3 DrmCAudio;DrmCAudio;C:\Windows\System32\drivers\DrmCAudio.sys [2012-10-23 34088]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-17 331264]
    S3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-6-27 32344]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-27 19456]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-27 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-27 30208]
    S3 TuneConvertAudio;TuneConvertAudio;C:\Windows\System32\drivers\TuneConvertAudio.sys [2012-10-21 34088]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-4 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-02-12 01:37:29 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
    2013-02-11 06:38:32 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64659B79-F267-458A-B48C-A80F433E0B41}\offreg.dll
    2013-02-11 02:47:45 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64659B79-F267-458A-B48C-A80F433E0B41}\mpengine.dll
    2013-02-11 02:07:27 300544 ----a-w- C:\Users\Owner\AppData\Roaming\dmscsh.dll
    2013-02-11 02:07:04 552448 ----a-w- C:\Users\Owner\AppData\Roaming\mdlwmt.dll
    2013-02-11 02:06:17 139776 ----a-w- C:\Users\Owner\AppData\Roaming\zrmito.dll
    2013-02-10 11:09:37 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-20 20:35:20 -------- d-----w- C:\Windows\SysWow64\My Vaults
    2013-01-19 19:52:58 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
    .
    ==================== Find3M ====================
    .
    2013-02-12 01:37:29 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
    2013-02-11 04:36:41 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-02-11 04:36:41 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-02-11 04:34:47 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-02-08 15:49:29 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-08 15:49:29 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-01 07:52:20 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
    2013-02-01 07:52:20 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2013-02-01 07:52:20 111616 ----a-w- C:\Windows\System32\OpenAL32.dll
    2013-02-01 07:52:20 102400 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-09 06:08:06 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2013-01-07 02:38:17 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    .
    ============= FINISH: 18:00:39.65 ===============


    ATTACH LOG:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/17/2012 9:04:32 AM
    System Uptime: 2/11/2013 5:36:57 PM (1 hours ago)
    .
    Motherboard: ASRock | | Z77 Extreme4
    Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 668.346 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 1863 GiB total, 288.2 GiB free.
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: High Definition Audio Controller
    Device ID: PCI\VEN_10DE&DEV_0E0A&SUBSYS_097A10DE&REV_A1\4&12B449C0&0&0109
    Manufacturer: Microsoft
    Name: High Definition Audio Controller
    PNP Device ID: PCI\VEN_10DE&DEV_0E0A&SUBSYS_097A10DE&REV_A1\4&12B449C0&0&0109
    Service: HDAudBus
    .
    ==== System Restore Points ===================
    .
    RP276: 2/9/2013 2:00:23 AM - Windows Backup
    RP277: 2/10/2013 2:00:23 AM - Windows Backup
    RP278: 2/11/2013 5:47:41 PM - Windows Backup
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.2
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Asmedia ASM106x SATA Host Controller Driver
    ASRock App Charger v1.0.5
    ASUS Xonar DG Audio Driver
    Audacity 2.0.2
    Battlefield 3™
    Battlelog Web Plugins
    Better File Rename 5.1
    Broadcom NetLink Controller
    CameraHelperMsi
    CCleaner
    Chinese Simplified Fonts Support For Adobe Reader 9
    Core Temp 1.0 RC3
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    erLT
    ESN Sonar
    Fotosizer 1.34
    Freemake Video Converter version 3.1.2
    Geeks3D.com FurMark 1.10.0
    Google Analytics Opt-out Browser Add-on
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HP FWUpdateEDO2
    HP Officejet Pro 8600 Basic Device Software
    HP Officejet Pro 8600 Help
    HP Update
    I.R.I.S. OCR
    Intel(R) Control Center
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) Smart Connect Technology 2.0 x64
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    Japanese Fonts Support For Adobe Reader 9
    Jasc Paint Shop Pro 8
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 7 Update 4 (64-bit)
    JavaFX 2.1.1
    LAME v3.99.3 (for Windows)
    Logitech Gaming Software
    Logitech Gaming Software 8.40
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Access database engine 2010 (English)
    Microsoft Application Error Reporting
    Microsoft AutoRoute 2011
    Microsoft Flight Simulator 2004 A Century of Flight
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    Newshosting
    NVIDIA 3D Vision Controller Driver 306.97
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.3.16.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OpenAL
    Origin
    PDFCreator
    PunkBuster Services
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Skype™ 6.0
    TeamSpeak 3 Client
    TeamViewer 8
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Ventrilo Client for Windows x64
    VLC media player 2.0.2
    Windows Home Server Connector
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinPcap 4.1.2
    WinRAR archiver
    WinZip
    WorldClock 3.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/8/2013 2:36:22 AM, Error: volsnap [25] - The shadow copies of volume E: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    2/11/2013 5:48:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\Owner\AppData\Local\ae4291b1-3050-40cf-b52b-b8ebd1e97b4e.crx;file:_C:\Users\Owner\AppData\Local\ae4291b1-3050-40cf-b52b-b8ebd1e97b4e.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070070 Error description: There is not enough space on the disk. Signature Version: AV: 1.143.2006.0, AS: 1.143.2006.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0
    2/11/2013 5:39:49 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/11/2013 5:39:49 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    2/11/2013 5:37:53 PM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
    2/11/2013 5:37:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tpcdrdrv
    2/10/2013 10:38:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/10/2013 10:38:44 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/10/2013 10:38:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/10/2013 10:38:42 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/10/2013 10:38:42 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    .
    ==== End Of File ===========================

    ARK LOG:
    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-11 18:05:29
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.15.0 931.51GB
    Running: h4zzyvoq.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pwliqkow.sys

    ---- Threads - GMER 2.0 ----
    Thread C:\Windows\SysWOW64\rundll32.exe [3436:3456] 0000000000233bc6
    Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [5756:5036] 0000000005c43414
    ---- EOF - GMER 2.0 ----
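Added example, not part of the original post and not code from DDS or Microsoft Security Essentials: a small Python triage helper that parses the "Created Last 30" entries and the Microsoft Antimalware [1119] event from the logs above, flagging short random-named DLLs dropped directly into AppData\Roaming and a quarantine whose HRESULT shows the action did not complete (which is why the same alert keeps firing). The sample lines are copied from the posted log; the regexes and the `[a-z]{5,8}` naming heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: entries copied from the "Created Last 30"
# section of the DDS log above (the poster's paths, not invented ones).
CREATED_LAST_30 = r"""
2013-02-11 06:38:32 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64659B79-F267-458A-B48C-A80F433E0B41}\offreg.dll
2013-02-11 02:07:27 300544 ----a-w- C:\Users\Owner\AppData\Roaming\dmscsh.dll
2013-02-11 02:07:04 552448 ----a-w- C:\Users\Owner\AppData\Roaming\mdlwmt.dll
2013-02-11 02:06:17 139776 ----a-w- C:\Users\Owner\AppData\Roaming\zrmito.dll
2013-01-20 20:35:20 -------- d-----w- C:\Windows\SysWow64\My Vaults
""".strip().splitlines()

# Constructed sample input: the Microsoft Antimalware [1119] event from the
# "Event Viewer Messages" section above, with the fwlink URL left out.
MSE_EVENT = (
    "2/11/2013 5:48:07 PM, Error: Microsoft Antimalware [1119] - Microsoft "
    "Antimalware has encountered a critical error when taking action on malware "
    "or other potentially unwanted software. Name: Trojan:JS/Medfos.B "
    "ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\\Users"
    "\\Owner\\AppData\\Local\\ae4291b1-3050-40cf-b52b-b8ebd1e97b4e.crx;file:_C:\\Users"
    "\\Owner\\AppData\\Local\\ae4291b1-3050-40cf-b52b-b8ebd1e97b4e.crx->manager.js "
    "Detection Origin: Local machine Detection Type: Concrete Detection Source: "
    "Real-Time Protection User: NT AUTHORITY\\SYSTEM Process Name: "
    "C:\\Windows\\SysWOW64\\rundll32.exe Action: Quarantine Action Status: "
    "No additional actions required Error Code: 0x80070070 "
    "Error description: There is not enough space on the disk."
)

# DDS file entry: "<date> <time> <size or dashes> <attrs> <path>".
DDS_ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+|-+) (\S+) (.+)$")
# Heuristic (this example's assumption): a short, all-lowercase DLL/EXE sitting
# directly in the profile's AppData\Roaming root, as dmscsh/mdlwmt/zrmito do,
# rather than under a vendor subfolder.
ROAMING_DROP = re.compile(r"\\AppData\\Roaming\\[a-z]{5,8}\.(?:dll|exe)$")


@dataclass
class Entry:
    when: str
    size: Optional[int]  # None for directory entries ("--------")
    attrs: str
    path: str


@dataclass
class Detection:
    name: str
    path: str
    action: str
    error_code: int

    @property
    def action_failed(self) -> bool:
        # A non-zero HRESULT means the requested action (here Quarantine)
        # did not complete, so the file is still there to be detected again.
        return self.error_code != 0


def parse_created(lines: List[str]) -> List[Entry]:
    """Parse DDS 'Created Last 30' / 'Find3M' style lines; skip non-entries."""
    entries = []
    for line in lines:
        m = DDS_ENTRY.match(line.strip())
        if not m:
            continue
        size = int(m.group(2)) if m.group(2).isdigit() else None
        entries.append(Entry(m.group(1), size, m.group(3), m.group(4)))
    return entries


def suspicious_roaming_drops(entries: List[Entry]) -> List[str]:
    """Paths of files (not directories) matching the Roaming-drop heuristic."""
    return [e.path for e in entries
            if e.size is not None and ROAMING_DROP.search(e.path)]


def parse_mse_event(text: str) -> Optional[Detection]:
    """Pull name, path, action and HRESULT out of an MSE/Antimalware event."""
    name = re.search(r"\bName: (\S+) ID: \d+", text)
    path = re.search(r"\bPath: (.+?) Detection Origin:", text)
    action = re.search(r"\bAction: (\w+) Action Status:", text)
    code = re.search(r"\bError Code: (0x[0-9A-Fa-f]+)", text)
    if not (name and path and action):
        return None
    return Detection(name.group(1), path.group(1), action.group(1),
                     int(code.group(1), 16) if code else 0)


def triage(created_lines: List[str], event_text: str) -> List[str]:
    """One finding string per item worth a closer look."""
    findings = [f"roaming-drop: {p}"
                for p in suspicious_roaming_drops(parse_created(created_lines))]
    det = parse_mse_event(event_text)
    if det is not None:
        status = "FAILED" if det.action_failed else "ok"
        findings.append(f"detection: {det.name} {det.action}={status} "
                        f"(0x{det.error_code:08X}) {det.path}")
    return findings
```

Running `triage(CREATED_LAST_30, MSE_EVENT)` on the sample above yields the three Roaming DLL drops plus the Medfos.B detection marked FAILED, the same items the helper asks about in the replies.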
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,896
    Delete any existing version of ComboFix you have sitting on your desktop.
    Please read and follow all these instructions very carefully.
    Do not edit or remove any information or user names etc., otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If ComboFix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...
     
  3. MnM3

    MnM3 Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    23
    Derek,

    ComboFix was run.
    Below is the log.

    However, I got two popups after it was run indicating two files were not found.
    C:\Users\Owner\AppData\Roaming\dmscsh.dll
    C:\Users\Owner\AppData\Roaming\mdlwmt.dll

    Not sure if Combo deleted them just now or MSE during a full scan last night.
    MSE found them and asked they be sent for further analysis - which I did before running ComboFix.
    I assume they got deleted by one or both of the programs.
    I assume I can repair from my Win7 disk in the future after we are done.

    Thanks,
    Mark


    ComboFix 13-02-12.01 - Owner 02/12/2013 18:31:30.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16278.14083 [GMT -8:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Owner\AppData\Roaming\dmscsh.dll
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-13 to 2013-02-13 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-12 11:26 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D6C0BC9-2654-4854-873F-0C2CDF6E735E}\mpengine.dll
    2013-02-12 06:58 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-12 06:45 . 2013-02-12 06:45 22064 ----a-w- c:\windows\DCEBoot64.exe
    2013-01-20 20:35 . 2013-01-20 20:35 -------- d-----w- c:\windows\SysWow64\My Vaults
    2013-01-19 19:52 . 2013-01-19 19:52 -------- d-----w- c:\users\Owner\AppData\Local\Programs
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-13 02:35 . 2012-05-17 16:25 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
    2013-02-12 05:45 . 2012-06-08 04:41 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-02-12 05:45 . 2012-06-06 02:13 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-02-12 04:38 . 2012-06-06 02:13 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2013-02-08 15:49 . 2012-06-07 04:02 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-08 15:49 . 2012-06-07 04:02 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-01 07:52 . 2012-08-23 03:14 419840 ----a-w- c:\windows\system32\wrap_oal.dll
    2013-02-01 07:52 . 2012-08-23 03:14 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2013-02-01 07:52 . 2012-08-23 03:14 111616 ----a-w- c:\windows\system32\OpenAL32.dll
    2013-02-01 07:52 . 2012-08-23 03:14 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-09 11:04 . 2012-06-04 19:21 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-09 06:08 . 2012-06-06 02:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2013-01-07 02:38 . 2013-01-07 02:38 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-12-16 17:11 . 2012-12-21 11:00 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 11:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 11:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 11:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-15 00:49 . 2012-10-07 20:01 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-07 13:20 . 2013-01-09 06:31 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 06:31 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 06:31 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 06:31 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 06:31 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 06:31 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 06:31 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 06:31 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 06:31 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 06:31 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 06:31 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 06:31 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 06:31 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 06:31 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 06:31 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 06:31 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 06:31 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 06:31 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 06:31 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 06:31 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 06:31 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 06:31 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 06:31 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 06:31 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 06:31 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 06:31 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 06:31 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 06:31 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 06:31 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 06:31 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 06:31 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-09 06:31 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-11-30 05:45 . 2013-01-09 06:31 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 06:31 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 06:31 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:45 . 2013-01-09 06:31 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 05:43 . 2013-01-09 06:31 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 06:31 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 06:31 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:54 . 2013-01-09 06:31 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2012-11-30 04:53 . 2013-01-09 06:31 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 06:31 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-10 39408]
    "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-6-12 666992]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-08 363800]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [2012-06-05 34088]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
    R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2012-06-05 34088]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-04 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-22 49760]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
    S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
    S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]
    S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-08 121344]
    S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]
    S3 ALSysIO;ALSysIO;c:\users\Owner\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
    S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
    S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
    S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
    S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
    S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
    S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 35112]
    S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-02-13 34752]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 15:49]
    .
    2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 01:44]
    .
    2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 01:44]
    .
    2013-02-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    2013-02-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-13 8769536]
    "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
    "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-WorldClock - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-WorldClock - (no file)
    HKLM-Run-mdlwmt - c:\users\Owner\AppData\Roaming\mdlwmt.dll
    HKLM-Run-dmscsh - c:\users\Owner\AppData\Roaming\dmscsh.dll
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
    .
    **************************************************************************
    .
    Completion time: 2013-02-12 18:37:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-02-13 02:37
    .
    Pre-Run: 710,388,965,376 bytes free
    Post-Run: 709,885,435,904 bytes free
    .
    - - End Of File - - 7CA7722378E6372BFB9B0A270F9A6B06
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,896
    Reboot again & let us know if you are still getting any warning or error messages, or if you still have any problems.
     
  5. MnM3

    MnM3 Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    23
    Hi Derek,

    I don't appear to have any redirects or slowdowns or MSE alerts, but I am getting the missing file(s) popups at reboot.
    C:\Users\Owner\AppData\Roaming\dmscsh.dll
    C:\Users\Owner\AppData\Roaming\mdlwmt.dll
    See attached:
    dmscsh.dll.jpg
    mdlwmt.dll.jpg

    In addition, MSE found a quarantined file that it asked to be sent. Which I did.
    See attached:
    dmscsh.dll.vir.jpg

    Mark
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,896
    Let's see if this shows us the startup entries for the missing files (we deleted them with ComboFix and their startup entries, but there must be additional startup entries hidden somewhere).


    Download OTScanIt.exe to your Desktop
    • Close any open browsers.
    • If your real-time protection or antivirus intervenes with OTScanIt, allow it to run.
    • Double-click on OTS.exe to start the program.
    • In the Files Age drop down box click 90
    • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
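The "cannot find file" popups at reboot are the symptom Derek describes: an autostart entry that still points at a file the cleanup removed. As an added example (not part of the thread and not OTScanIt's code), this PowerShell script lists Run/RunOnce values, Winlogon Shell/Userinit entries and Startup-folder shortcuts whose target file no longer exists; it only reads and changes nothing, and it covers just these common locations, not the services, drivers, scheduled tasks and browser add-ons that OTScanIt also reports.

```powershell
# Added example (not from the thread or from OTScanIt): report autostart
# entries whose target file is missing on disk. Read-only. Needs PowerShell
# 3.0 or later; run it from an elevated prompt so HKLM and the all-users
# Startup folder are readable.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$orphans = New-Object System.Collections.Generic.List[object]

function Get-TargetPath {
    param([string]$CommandLine)
    # Work out which file a command line actually loads.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if (-not $cmd) { return $null }
    # rundll32 lines: the file that matters is the DLL argument, not rundll32
    if ($cmd -match '^"?[^"]*rundll32(\.exe)?"?\s+(?:"([^"]+)"|([^,\s]+))') {
        if ($matches[2]) { return $matches[2] } else { return $matches[3] }
    }
    # quoted program path, arguments after it are irrelevant
    if ($cmd -match '^"([^"]+)"') { return $matches[1] }
    # unquoted: take the longest leading run of tokens that names an existing
    # file, so "C:\Program Files\x\y.exe /arg" resolves; else the first token
    $tokens = $cmd -split '\s+'
    for ($i = $tokens.Count; $i -ge 1; $i--) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf -ErrorAction SilentlyContinue) {
            return $candidate
        }
    }
    # "path\file.dll,Entry" style value without a rundll32 prefix
    return ($tokens[0] -split ',')[0]
}

function Test-TargetExists {
    param([string]$Path)
    if (Test-Path -LiteralPath $Path -PathType Leaf -ErrorAction SilentlyContinue) { return $true }
    # bare names such as the Winlogon Shell value "explorer.exe" are found
    # through the search path, the way the loader finds them
    return ($Path -notmatch '[\\/]') -and
        [bool](Get-Command -Name $Path -CommandType Application -ErrorAction SilentlyContinue)
}

function Add-IfMissing {
    param([string]$Location, [string]$Name, [string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return }
    $target = Get-TargetPath $Command
    if ($target -and -not (Test-TargetExists $target)) {
        $script:orphans.Add([pscustomobject]@{
            Location = $Location; Name = $Name; Command = $Command; MissingFile = $target
        })
    }
}

# 1. Run / RunOnce keys (native and Wow6432Node views, machine and user)
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        if ('String', 'ExpandString' -notcontains $item.GetValueKind($name).ToString()) { continue }
        Add-IfMissing -Location $key -Name $name -Command ([string]$item.GetValue($name))
    }
}

# 2. Winlogon Shell and Userinit: comma-separated lists of programs
if (Test-Path -LiteralPath $winlogonKey) {
    $wl = Get-ItemProperty -LiteralPath $winlogonKey
    foreach ($name in 'Shell', 'Userinit') {
        foreach ($entry in ([string]$wl.$name) -split ',') {
            Add-IfMissing -Location $winlogonKey -Name $name -Command $entry
        }
    }
}

# 3. Startup folders: resolve each .lnk to its target
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath) {
            Add-IfMissing -Location $dir -Name $_.Name -Command ('"{0}"' -f $lnk.TargetPath)
        }
    }
}

if ($orphans.Count -eq 0) {
    'No autostart entries point at missing files.'
} else {
    $orphans | Format-Table -AutoSize -Wrap
}
```

An entry whose MissingFile column names one of the files from the popup is the leftover to remove; an entry pointing at a file that does exist is not shown, so a still-present component will need the fuller OTScanIt report.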
     
  7. MnM3

    MnM3 Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    23
    Hi Derek,

    Here is the OTS scan log. Surprisingly it didn't take too long to scan.

    BTW - both popups appeared overnight and were labelled as "unable to find" files.

    Mark

    Code:
    OTS logfile created on: 2/14/2013 7:01:56 AM - Run 1
    OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\Owner\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    16.00 Gb Total Physical Memory | 14.00 Gb Available Physical Memory | 87.00% Memory free
    32.00 Gb Paging File | 30.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 665.99 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: ANTEC300CA
    Current User Name: Owner
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 90 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2013/02/14 06:58:50 | 000,646,656 | ---- | M] (OldTimer Tools)
    pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2013/01/08 22:08:06 | 000,076,888 | ---- | M] ()
    teamviewer_service.exe -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -> [2012/12/14 01:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH)
    teamviewer.exe -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe -> [2012/12/14 01:17:03 | 009,876,472 | ---- | M] (TeamViewer GmbH)
    tv_w32.exe -> C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe -> [2012/12/14 01:08:24 | 000,190,968 | ---- | M] (TeamViewer GmbH)
    nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation)
    streetsolkshim.exe -> C:\Program Files (x86)\Microsoft AutoRoute 2011\StreetsOlkShim.exe -> [2012/06/16 10:53:54 | 000,040,736 | ---- | M] (Microsoft)
    uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2012/02/07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation)
    lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2012/02/07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation)
    jhi_service.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -> [2012/02/07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation)
    intelmefwservice.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -> [2012/02/07 16:27:24 | 000,121,344 | ---- | M] ()
    umvpfsrv.exe -> C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -> [2012/01/17 22:44:52 | 000,450,848 | ---- | M] (Logitech Inc.)
    iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation)
    asusaudiocenter.exe -> C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe -> [2011/05/12 15:50:03 | 001,990,656 | ---- | M] (CMedia)
    hsmgr.exe -> C:\Windows\SysWOW64\HsMgr.exe -> [2008/07/11 14:04:22 | 000,200,704 | ---- | M] ()
     
    [Modules - No Company Name]
    vmixp8.dll -> C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll -> [2011/04/19 13:56:58 | 000,143,360 | ---- | M] ()
    hsmgr.exe -> C:\Windows\SysWOW64\HsMgr.exe -> [2008/07/11 14:04:22 | 000,200,704 | ---- | M] ()
     
    [Win32 Services - Safe List]
    64bit-(NisSrv)  [Unknown | Running] -> c:\Program Files\Microsoft Security Client\NisSrv.exe -> [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation)
    64bit-(MsMpSvc)  [Unknown | Running] -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation)
    64bit-(ISCTAgent)  [Auto | Running] -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -> [2012/02/09 15:26:48 | 000,133,632 | ---- | M] ()
    64bit-(Intel(R) Capability Licensing Service Interface)  [Auto | Running] -> C:\Program Files\Intel\iCLS Client\HeciServer.exe -> [2012/02/02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation)
    64bit-(arXfrSvc)  [Auto | Running] -> C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -> [2011/01/10 12:21:02 | 000,231,280 | ---- | M] (Microsoft Corporation)
    64bit-(esClient)  [Auto | Running] -> C:\Program Files\Windows Home Server\esClient.exe -> [2011/01/10 12:20:18 | 000,109,936 | ---- | M] (Microsoft Corporation)
    64bit-(WHSConnector)  [Auto | Running] -> C:\Program Files\Windows Home Server\WHSConnector.exe -> [2011/01/10 12:19:58 | 000,489,840 | ---- | M] (Microsoft Corporation)
    64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
    64bit-(AppMgmt)  [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
    (AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/02/08 07:49:29 | 000,251,248 | ---- | M] (Adobe Systems Incorporated)
    (PnkBstrA) PnkBstrA [Auto | Running] -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2013/01/08 22:08:06 | 000,076,888 | ---- | M] ()
    (TeamViewer8) TeamViewer 8 [Auto | Running] -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -> [2012/12/14 01:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH)
    (SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files (x86)\Skype\Updater\Updater.exe -> [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies)
    (cphs) Intel(R) Content Protection HECI Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\IntelCpHeciSvc.exe -> [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation)
    (nvUpdatusService) NVIDIA Update Service Daemon [Auto | Stopped] -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -> [2012/10/02 14:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation)
    (Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation)
    (UNS) Intel(R) Management and Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2012/02/07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation)
    (LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2012/02/07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation)
    (jhi_service) Intel(R) Dynamic Application Loader Host Interface Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -> [2012/02/07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation)
    (Intel(R) ME Service) Intel(R) ME Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -> [2012/02/07 16:27:24 | 000,121,344 | ---- | M] ()
    (UMVPFSrv) UMVPFSrv [Auto | Running] -> C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -> [2012/01/17 22:44:52 | 000,450,848 | ---- | M] (Logitech Inc.)
    (IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation)
    (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
    (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
     
    [Driver Services - Safe List]
    64bit-(WPRO_41_2001) WinPcap Packet Driver (WPRO_41_2001) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\WPRO_41_2001.sys -> [2013/02/14 03:30:49 | 000,034,752 | ---- | M] ()
    64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation)
    64bit-(LGSHidFilt) Logitech Gaming KMDF HID Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LGSHidFilt.Sys -> [2012/10/02 14:26:46 | 000,066,360 | ---- | M] (Logitech Inc.)
    64bit-(NisDrv) Microsoft Network Inspection System [Kernel | Unknown | Running] -> C:\Windows\SysNative\drivers\NisDrvWFP.sys -> [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation)
    64bit-(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpvideominiport.sys -> [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation)
    64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation)
    64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation)
    64bit-(tbhsd) Audials Sound Capturing [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tbhsd.sys -> [2012/08/20 10:48:46 | 000,047,208 | ---- | M] (RapidSolution Software AG)
    64bit-(MEIx64) Intel(R) Management Engine Interface  [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation)
    64bit-(TuneConvertAudio) TuneConvertAudio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TuneConvertAudio.sys -> [2012/06/05 10:00:54 | 000,034,088 | ---- | M] (Windows (R) Win 7 DDK provider)
    64bit-(DrmCAudio) DrmCAudio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\DrmCAudio.sys -> [2012/06/05 09:42:54 | 000,034,088 | ---- | M] (Windows (R) Win 7 DDK provider)
    64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2012/04/18 09:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation)
    64bit-(ISCT) Intel(R) Smart Connect Technology Device Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ISCTD64.sys -> [2012/02/09 15:24:16 | 000,044,992 | ---- | M] ()
    64bit-(imsevent) Intel Upper Mouse Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\imsevent.sys -> [2012/02/09 15:24:16 | 000,025,536 | ---- | M] ()
    64bit-(ikbevent) Intel Upper keyboard Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ikbevent.sys -> [2012/02/09 15:24:14 | 000,025,536 | ---- | M] ()
    64bit-(iusb3xhc) Intel(R) USB 3.0 eXtensible Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\iusb3xhc.sys -> [2012/01/26 09:39:34 | 000,787,736 | ---- | M] (Intel Corporation)
    64bit-(iusb3hub) Intel(R) USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\iusb3hub.sys -> [2012/01/26 09:39:34 | 000,356,120 | ---- | M] (Intel Corporation)
    64bit-(iusb3hcs) Intel(R) USB 3.0 Host Controller Switch Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iusb3hcs.sys -> [2012/01/26 09:39:34 | 000,016,152 | ---- | M] (Intel Corporation)
    64bit-(LVUVC64) Logitech HD Webcam C525(UVC) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LVUVC64.sys -> [2012/01/17 22:44:36 | 004,865,568 | ---- | M] (Logitech Inc.)
    64bit-(LVRS64) Logitech RightSound Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\lvrs64.sys -> [2012/01/17 22:44:28 | 000,351,136 | ---- | M] (Logitech Inc.)
    64bit-(CompFilter64) UVCCompositeFilter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\lvbflt64.sys -> [2012/01/17 22:44:14 | 000,025,632 | ---- | M] (Logitech Inc.)
    64bit-(teamviewervpn) TeamViewer VPN Adapter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\teamviewervpn.sys -> [2011/12/16 07:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH)
    64bit-(IntcDAud) Intel(R) Display Audio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\IntcDAud.sys -> [2011/12/05 11:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation)
    64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2011/11/29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation)
    64bit-(asahci64) asahci64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\asahci64.sys -> [2011/09/21 16:56:24 | 000,049,760 | ---- | M] (Asmedia Technology)
    64bit-(AsrAppCharger) AsrAppCharger [Kernel | System | Running] -> C:\Windows\SysNative\drivers\AsrAppCharger.sys -> [2011/05/10 15:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider)
    64bit-(k57nd60a) Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\k57nd60a.sys -> [2011/05/09 19:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation)
    64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
    64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
    64bit-(cmudaxp) ASUS Xonar DG Audio Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\cmudaxp.sys -> [2011/03/09 23:44:16 | 002,725,376 | ---- | M] (C-Media Inc)
    64bit-(asmtxhci) ASMEDIA XHCI Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\asmtxhci.sys -> [2011/03/04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc)
    64bit-(asmthub3) ASMedia USB3 Hub Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\asmthub3.sys -> [2011/03/04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc)
    64bit-(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wdcsam64.sys -> [2011/02/16 15:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies)
    64bit-(dmvsc) dmvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\dmvsc.sys -> [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation)
    64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
    64bit-(LGVirHid) Logitech Gamepanel Virtual HID Device Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LGVirHid.sys -> [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.)
    64bit-(LGBusEnum) Logitech GamePanel Virtual Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LGBusEnum.sys -> [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.)
    64bit-(MBfilt) MBfilt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MBfilt64.sys -> [2009/11/18 06:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.)
    64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
    64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
    64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology)
    64bit-(WSDPrintDevice) WSD Print Support via UMB [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WSDPrint.sys -> [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation)
    64bit-(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\serscan.sys -> [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation)
    64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
    64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
    64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
    64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
    (WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
     
    [Registry - Safe List]
    < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\] > -> -> 
    HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\: Main\\"Start Page" -> http://www.google.com/ -> 
    HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-US -> 
    HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> AB 41 F0 FD 67 42 CD 01  [binary data] -> 
    HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\: "ProxyEnable" -> 0 -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    < FireFox Extensions [User Folders] > -> 
    < HOSTS File > ([2013/02/12 18:35:10 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
    Reset Hosts
    127.0.0.1       localhost
    < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/06/05 20:57:45 | 000,545,224 | ---- | M] (Oracle Corporation)
    {9A065C65-4EE7-4DDD-9918-F129089A894A} [HKLM] -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [BrowserHelper Class] -> [2011/01/10 12:20:00 | 000,266,096 | ---- | M] (Microsoft Corporation)
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2012/12/16 11:36:49 | 000,253,584 | ---- | M] (Google Inc.)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/06/05 20:57:45 | 000,193,480 | ---- | M] (Oracle Corporation)
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} [HKLM] -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [Google Analytics Opt-out Browser Add-on] -> [2010/07/14 15:54:48 | 000,245,816 | ---- | M] (Google, Inc.)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/09/24 23:02:30 | 000,449,512 | ---- | M] (Oracle Corporation)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/09/24 23:02:30 | 000,155,384 | ---- | M] (Oracle Corporation)
    < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/12/16 11:36:49 | 000,253,584 | ---- | M] (Google Inc.)
    "{D73E76A3-F902-45BD-8FC8-95AE8E014671}" [HKLM] -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [Home Server Banner] -> [2011/01/10 12:20:00 | 000,266,096 | ---- | M] (Microsoft Corporation)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/12/16 11:36:49 | 000,253,584 | ---- | M] (Google Inc.)
    < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Cmaudio8788" -> C:\Windows\Syswow64\cmicnfgp.dll [C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd] -> [2011/05/12 17:05:04 | 008,769,536 | ---- | M] (C-Media Corporation)
    "Cmaudio8788GX" -> C:\Windows\syswow64\HsMgr.exe [C:\Windows\syswow64\HsMgr.exe Envoke] -> [2008/07/11 14:04:22 | 000,200,704 | ---- | M] ()
    "Cmaudio8788GX64" -> C:\Windows\system\HsMgr64.exe [C:\Windows\system\HsMgr64.exe Envoke] -> [2008/07/11 14:03:58 | 000,282,112 | ---- | M] ()
    "dmscsh" ->  ["C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmscsh.dll",UnpackTuple] -> File not found
    "HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2012/10/10 02:22:28 | 000,399,392 | ---- | M] (Intel Corporation)
    "IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2012/10/10 02:22:24 | 000,171,040 | ---- | M] (Intel Corporation)
    "IntelliPoint" -> C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe ["C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"] -> [2012/11/02 15:38:34 | 002,076,272 | ---- | M] (Microsoft Corporation)
    "IntelliType Pro" -> C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe ["C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"] -> [2012/11/02 15:38:34 | 001,464,944 | ---- | M] (Microsoft Corporation)
    "Launch LCore" -> C:\Program Files\Logitech Gaming Software\LCore.exe [C:\Program Files\Logitech Gaming Software\LCore.exe /minimized] -> [2012/11/28 16:09:44 | 007,406,392 | ---- | M] (Logitech Inc.)
    "mdlwmt" ->  ["C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\mdlwmt.dll",vExecTokenA] -> File not found
    "MSC" -> c:\Program Files\Microsoft Security Client\msseces.exe ["c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2012/09/12 20:16:10 | 001,289,704 | ---- | M] (Microsoft Corporation)
    "Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2012/10/10 02:22:30 | 000,441,888 | ---- | M] (Intel Corporation)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "" ->  [] -> File not found
    < Run [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "HP Officejet Pro 8600 (NET)" -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe ["C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN233BQ0WY05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1] -> [2012/10/17 04:29:50 | 002,573,416 | ---- | M] (Hewlett-Packard Co.)
    < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < Software Policy Settings [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found
    \\"ConsentPromptBehaviorUser" ->  [3] -> File not found
    \\"EnableLUA" ->  [0] -> File not found
    \\"PromptOnSecureDesktop" ->  [0] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\] > -> HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-3629882384-1592604302-264797570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 192.168.1.254 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {7C34C74E-B5F2-42BD-8BC6-A575C34F7414}\\DhcpNameServer -> 192.168.1.254   (Broadcom NetLink (TM) Gigabit Ethernet) -> 
    < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 19:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
    SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 17:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
    /pagefile ->  -> File not found
    *MultiFile Done* -> -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 19:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
    /pagefile ->  -> File not found
    *MultiFile Done* -> -> 
    < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2012/10/10 02:22:28 | 000,441,856 | ---- | M] (Intel Corporation)
    < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
    < Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
    < Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
    < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
    {149D055A-E5F7-42AC-B57B-B68CEF1407DF} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
    {311F1D0C-1F0F-432C-86DB-7325873B49A7} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
    {37179AFF-A3BA-473C-8454-589A09BF1BDE} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
    {3C8FDB0D-DF96-4498-8652-70674EA1432D} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
    {44E7C6BF-5A63-47C5-A2DD-1561E3E17DC2} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    {4A6669DA-7EAD-4AAF-B6C5-0C64504AFE70} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
    {548F2DBD-6046-4DCE-BBE2-732AD1D94D41} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
    {67CBA034-0575-4BCD-94C3-1F6DF6337A17} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
    {708F82E6-36A5-4B4C-9C08-A0374F8A0034} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
    {84F8F001-E037-46C2-8069-FFDF763EF21D} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    {8E91872C-1D6C-4E4B-A576-599EF1CDC108} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
    {966116C2-9CFC-4FF1-9B76-7A3EDD83F156} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    {AD5ABEEB-BA7C-466F-B5C1-CD642B87B43A} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
    {B9645A41-74A6-4584-9E03-3E50664DC599} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
    {BA5DE283-D8B9-4532-AE22-90BA26DC363F} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
    {CF9152BE-1C43-4A1C-817E-A149605469BD} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
    {D380BBE0-E55A-49F3-81B9-24761DEAF643} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
    {D539875D-33A1-47A3-A9D2-A3A2FBCB637E} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    {DC478DEE-5D0A-4C51-9227-8C6A11909434} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
    {E03DE931-EC65-4612-852B-E9556D4A44DE} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
    {E6397563-67C6-419C-B269-3853110A6093} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
    {FB392392-C22F-4937-8AF6-DACF36EF6742} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
    {FDB63D2D-5118-4E2A-9718-4F194B97AD74} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
    < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
    {02136399-041C-4EAA-B21D-134847EC22AC} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
    {0651A82F-77B4-46C9-B49F-7915793F21E2} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
    {1EBFF612-4D4D-4667-B665-85CDEB24D6C2} -> profile=public | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
    {28B06CAB-75E8-4483-8AC8-59B937E149F7} -> profile=public | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
    {2C2067B3-87C0-414F-B16B-3DBB450E6FDC} -> dir=in | action=allow | name=hp device setup (hp officejet pro 8600) | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | 
    {31A0F655-943B-4C18-ACD5-C029280AAE79} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
    {343C8211-9838-46D4-9DCB-C446BFEF8FAC} -> profile=private | protocol=17 | dir=in | action=allow | name=logitech vid hd | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
    {389568ED-736C-455B-B73A-6514B5E24B6F} -> dir=in | action=allow | name=hp network communicator (hp officejet pro 8600) | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | 
    {40C5C899-87A3-46B8-B0E2-31C966D4556E} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    {470A9CE1-2350-4276-90CF-5497DDB01310} -> profile=private | protocol=6 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
    {4D0F1894-9E81-46E1-BB0F-A87EED46324F} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
    {5329ABF8-4F1D-41F6-9731-C71E35E901EE} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    {5DE281B4-5771-4AC4-94C9-EE41CFD66B9B} -> profile=private | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe | 
    {62AD4D38-1C0A-4F48-A6A3-B13281972C03} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    {66EC4D59-12EE-43B5-B19A-CD186AB472F2} -> profile=private | protocol=17 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
    {6B6A6ACA-8C54-49E3-AB86-1E1473045247} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    {6D312A41-DEAB-4C2B-A281-9CC86762330E} -> dir=in | action=allow | name=hp officejet pro 8600 sendfaxappexe | app=c:\program files\hp\hp officejet pro 8600\bin\sendafax.exe | 
    {6F94456E-6C7D-4289-85E4-7C48C815900F} -> profile=private | protocol=17 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
    {858FED68-EB7E-4DBC-9088-8252BFE1E2BA} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    {8676B3B5-1F30-453E-AFC8-C00A15DAD911} -> profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
    {8ADD5217-1F2D-4BF8-AFB0-09ACFCD71CD2} -> profile=public | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
    {9E017217-8C14-4DBA-9D15-85F017E49DFF} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
    {A230F63E-CF31-4CBB-97BA-0E80F52F9768} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
    {A37E05E8-E881-4131-9734-2A7C2215FA0C} -> dir=in | action=allow | name=hp network communicator com (hp officejet pro 8600) | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe | 
    {AD1393E1-8EFF-4F82-96F5-380A7DEA054E} -> dir=in | action=allow | name=hp officejet pro 8600 faxapplications | app=c:\program files\hp\hp officejet pro 8600\bin\faxapplications.exe | 
    {B26AB2BD-30E7-44D2-A4FB-26AD26850026} -> dir=in | action=allow | name=hp officejet pro 8600 digitalwizards | app=c:\program files\hp\hp officejet pro 8600\bin\digitalwizards.exe | 
    {B403E529-8BB7-4207-AA05-7F78DF1CFCA5} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
    {B6254909-F41B-4E08-8831-007447A27B7C} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
    {BF457EB1-B595-4D8A-AAB3-062153005BDE} -> profile=private | protocol=6 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
    {CADB6DCD-5C5E-41B8-8BFF-28E1C96A7B6C} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe | 
    {CE7CFE51-A25A-486E-B1AB-EC4DEE947CDE} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
    {D0A137A7-3487-4CFA-995E-15D461715E69} -> profile=private | protocol=6 | dir=in | action=allow | name=logitech vid hd | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
    {FAE6C927-EF3B-4110-949D-64C9DA3637F8} -> profile=public | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
    TCP Query User{FBBD57E2-F7B5-41CC-A978-F96F9AD183EA}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
    UDP Query User{529B27EF-8800-4B92-A95E-1B7F9E5D8C18}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 19:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation)
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    64bit-comfile [open] -> "%1" %*
    64bit-exefile [open] -> "%1" %*
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = ComFile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = ComFile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
     
     
    [Files/Folders - Created Within 90 Days]
     OTS.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2013/02/14 06:58:50 | 000,646,656 | ---- | C] (OldTimer Tools)
     mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2013/02/14 03:00:34 | 000,096,768 | ---- | C] (Microsoft Corporation)
     mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2013/02/14 03:00:34 | 000,073,216 | ---- | C] (Microsoft Corporation)
     ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2013/02/14 03:00:33 | 000,248,320 | ---- | C] (Microsoft Corporation)
     ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2013/02/14 03:00:33 | 000,176,640 | ---- | C] (Microsoft Corporation)
     ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2013/02/14 03:00:33 | 000,173,056 | ---- | C] (Microsoft Corporation)
     url.dll -> C:\Windows\SysNative\url.dll -> [2013/02/14 03:00:32 | 000,237,056 | ---- | C] (Microsoft Corporation)
     url.dll -> C:\Windows\SysWow64\url.dll -> [2013/02/14 03:00:32 | 000,231,936 | ---- | C] (Microsoft Corporation)
     ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2013/02/14 03:00:32 | 000,142,848 | ---- | C] (Microsoft Corporation)
     jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2013/02/14 03:00:31 | 002,312,704 | ---- | C] (Microsoft Corporation)
     inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2013/02/14 03:00:31 | 001,494,528 | ---- | C] (Microsoft Corporation)
     inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2013/02/14 03:00:31 | 001,427,968 | ---- | C] (Microsoft Corporation)
     msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2013/02/14 03:00:31 | 000,729,088 | ---- | C] (Microsoft Corporation)
     jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2013/02/14 03:00:29 | 000,816,640 | ---- | C] (Microsoft Corporation)
     jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2013/02/14 03:00:29 | 000,717,824 | ---- | C] (Microsoft Corporation)
     vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2013/02/14 03:00:29 | 000,599,040 | ---- | C] (Microsoft Corporation)
     ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2013/02/13 12:37:08 | 005,553,512 | ---- | C] (Microsoft Corporation)
     ntkrnlpa.exe -> C:\Windows\SysWow64\ntkrnlpa.exe -> [2013/02/13 12:37:07 | 003,967,848 | ---- | C] (Microsoft Corporation)
     ntoskrnl.exe -> C:\Windows\SysWow64\ntoskrnl.exe -> [2013/02/13 12:37:07 | 003,913,064 | ---- | C] (Microsoft Corporation)
     winsrv.dll -> C:\Windows\SysNative\winsrv.dll -> [2013/02/13 12:37:04 | 000,215,040 | ---- | C] (Microsoft Corporation)
     setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2013/02/13 12:37:04 | 000,025,600 | ---- | C] (Microsoft Corporation)
     ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2013/02/13 12:37:04 | 000,014,336 | ---- | C] (Microsoft Corporation)
     instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2013/02/13 12:37:04 | 000,007,680 | ---- | C] (Microsoft Corporation)
     wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2013/02/13 12:37:04 | 000,005,120 | ---- | C] (Microsoft Corporation)
     FWPKCLNT.SYS -> C:\Windows\SysNative\drivers\FWPKCLNT.SYS -> [2013/02/13 12:37:03 | 000,288,088 | ---- | C] (Microsoft Corporation)
     user.exe -> C:\Windows\SysWow64\user.exe -> [2013/02/13 12:37:03 | 000,002,048 | ---- | C] (Microsoft Corporation)
     temp -> C:\Windows\temp -> [2013/02/12 18:37:18 | 000,000,000 | ---D | C]
     $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2013/02/12 18:35:14 | 000,000,000 | -HSD | C]
     SWREG.exe -> C:\Windows\SWREG.exe -> [2013/02/12 18:31:00 | 000,518,144 | ---- | C] (SteelWerX)
     SWSC.exe -> C:\Windows\SWSC.exe -> [2013/02/12 18:31:00 | 000,406,528 | ---- | C] (SteelWerX)
     NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2013/02/12 18:31:00 | 000,060,416 | ---- | C] (NirSoft)
     Qoobox -> C:\Qoobox -> [2013/02/12 18:30:58 | 000,000,000 | ---D | C]
     erdnt -> C:\Windows\erdnt -> [2013/02/12 18:30:52 | 000,000,000 | ---D | C]
     ComboFix.exe -> C:\Users\Owner\Desktop\ComboFix.exe -> [2013/02/12 18:27:35 | 005,033,736 | R--- | C] (Swearware)
     dds.scr -> C:\Users\Owner\Desktop\dds.scr -> [2013/02/11 17:46:40 | 000,688,992 | R--- | C] (Swearware)
     HijackThis.exe -> C:\Users\Owner\Desktop\HijackThis.exe -> [2013/02/11 17:46:05 | 000,388,608 | ---- | C] (Trend Micro Inc.)
     My Vaults -> C:\Windows\SysWow64\My Vaults -> [2013/01/20 12:35:20 | 000,000,000 | ---D | C]
     Programs -> C:\Users\Owner\AppData\Local\Programs -> [2013/01/19 11:52:58 | 000,000,000 | ---D | C]
     Battlefield 3 -> C:\Users\Owner\Documents\Battlefield 3 -> [2013/01/13 20:04:29 | 000,000,000 | ---D | C]
     My Scans -> C:\Users\Owner\Documents\My Scans -> [2013/01/09 00:22:06 | 000,000,000 | ---D | C]
     win32spl.dll -> C:\Windows\SysNative\win32spl.dll -> [2013/01/08 22:31:47 | 000,750,592 | ---- | C] (Microsoft Corporation)
     win32spl.dll -> C:\Windows\SysWow64\win32spl.dll -> [2013/01/08 22:31:47 | 000,492,032 | ---- | C] (Microsoft Corporation)
     usp10.dll -> C:\Windows\SysNative\usp10.dll -> [2013/01/08 22:31:43 | 000,800,768 | ---- | C] (Microsoft Corporation)
     ncrypt.dll -> C:\Windows\SysNative\ncrypt.dll -> [2013/01/08 22:31:43 | 000,307,200 | ---- | C] (Microsoft Corporation)
     Wpc.dll -> C:\Windows\SysNative\Wpc.dll -> [2013/01/08 22:31:42 | 000,441,856 | ---- | C] (Microsoft Corporation)
     fpb.rs -> C:\Windows\SysWow64\fpb.rs -> [2013/01/08 22:31:42 | 000,046,592 | ---- | C] (Microsoft)
     fpb.rs -> C:\Windows\SysNative\fpb.rs -> [2013/01/08 22:31:42 | 000,046,592 | ---- | C] (Microsoft)
     oflc-nz.rs -> C:\Windows\SysWow64\oflc-nz.rs -> [2013/01/08 22:31:42 | 000,045,568 | ---- | C] (Microsoft)
     oflc-nz.rs -> C:\Windows\SysNative\oflc-nz.rs -> [2013/01/08 22:31:42 | 000,045,568 | ---- | C] (Microsoft)
     pegibbfc.rs -> C:\Windows\SysWow64\pegibbfc.rs -> [2013/01/08 22:31:42 | 000,044,544 | ---- | C] (Microsoft)
     pegibbfc.rs -> C:\Windows\SysNative\pegibbfc.rs -> [2013/01/08 22:31:42 | 000,044,544 | ---- | C] (Microsoft)
     csrr.rs -> C:\Windows\SysWow64\csrr.rs -> [2013/01/08 22:31:42 | 000,043,520 | ---- | C] (Microsoft)
     csrr.rs -> C:\Windows\SysNative\csrr.rs -> [2013/01/08 22:31:42 | 000,043,520 | ---- | C] (Microsoft)
     cob-au.rs -> C:\Windows\SysWow64\cob-au.rs -> [2013/01/08 22:31:42 | 000,040,960 | ---- | C] (Microsoft)
     cob-au.rs -> C:\Windows\SysNative\cob-au.rs -> [2013/01/08 22:31:42 | 000,040,960 | ---- | C] (Microsoft)
     usk.rs -> C:\Windows\SysWow64\usk.rs -> [2013/01/08 22:31:42 | 000,030,720 | ---- | C] (Microsoft)
     usk.rs -> C:\Windows\SysNative\usk.rs -> [2013/01/08 22:31:42 | 000,030,720 | ---- | C] (Microsoft)
     grb.rs -> C:\Windows\SysWow64\grb.rs -> [2013/01/08 22:31:42 | 000,021,504 | ---- | C] (Microsoft)
     grb.rs -> C:\Windows\SysNative\grb.rs -> [2013/01/08 22:31:42 | 000,021,504 | ---- | C] (Microsoft)
     pegi-pt.rs -> C:\Windows\SysWow64\pegi-pt.rs -> [2013/01/08 22:31:42 | 000,020,480 | ---- | C] (Microsoft)
     pegi-pt.rs -> C:\Windows\SysNative\pegi-pt.rs -> [2013/01/08 22:31:42 | 000,020,480 | ---- | C] (Microsoft)
     pegi.rs -> C:\Windows\SysWow64\pegi.rs -> [2013/01/08 22:31:42 | 000,020,480 | ---- | C] (Microsoft)
     pegi.rs -> C:\Windows\SysNative\pegi.rs -> [2013/01/08 22:31:42 | 000,020,480 | ---- | C] (Microsoft)
     djctq.rs -> C:\Windows\SysWow64\djctq.rs -> [2013/01/08 22:31:42 | 000,015,360 | ---- | C] (Microsoft)
     djctq.rs -> C:\Windows\SysNative\djctq.rs -> [2013/01/08 22:31:42 | 000,015,360 | ---- | C] (Microsoft)
     gameux.dll -> C:\Windows\SysNative\gameux.dll -> [2013/01/08 22:31:41 | 002,746,368 | ---- | C] (Microsoft Corporation)
     gameux.dll -> C:\Windows\SysWow64\gameux.dll -> [2013/01/08 22:31:41 | 002,576,384 | ---- | C] (Microsoft Corporation)
     Wpc.dll -> C:\Windows\SysWow64\Wpc.dll -> [2013/01/08 22:31:41 | 000,308,736 | ---- | C] (Microsoft Corporation)
     cero.rs -> C:\Windows\SysWow64\cero.rs -> [2013/01/08 22:31:41 | 000,055,296 | ---- | C] (Microsoft)
     cero.rs -> C:\Windows\SysNative\cero.rs -> [2013/01/08 22:31:41 | 000,055,296 | ---- | C] (Microsoft)
     esrb.rs -> C:\Windows\SysWow64\esrb.rs -> [2013/01/08 22:31:41 | 000,051,712 | ---- | C] (Microsoft)
     esrb.rs -> C:\Windows\SysNative\esrb.rs -> [2013/01/08 22:31:41 | 000,051,712 | ---- | C] (Microsoft)
     oflc.rs -> C:\Windows\SysWow64\oflc.rs -> [2013/01/08 22:31:41 | 000,023,552 | ---- | C] (Microsoft)
     oflc.rs -> C:\Windows\SysNative\oflc.rs -> [2013/01/08 22:31:41 | 000,023,552 | ---- | C] (Microsoft)
     pegi-fi.rs -> C:\Windows\SysWow64\pegi-fi.rs -> [2013/01/08 22:31:41 | 000,020,480 | ---- | C] (Microsoft)
     pegi-fi.rs -> C:\Windows\SysNative\pegi-fi.rs -> [2013/01/08 22:31:41 | 000,020,480 | ---- | C] (Microsoft)
     kernel32.dll -> C:\Windows\SysNative\kernel32.dll -> [2013/01/08 22:31:33 | 001,161,216 | ---- | C] (Microsoft Corporation)
     KernelBase.dll -> C:\Windows\SysNative\KernelBase.dll -> [2013/01/08 22:31:33 | 000,424,448 | ---- | C] (Microsoft Corporation)
     wow64win.dll -> C:\Windows\SysNative\wow64win.dll -> [2013/01/08 22:31:33 | 000,362,496 | ---- | C] (Microsoft Corporation)
     conhost.exe -> C:\Windows\SysNative\conhost.exe -> [2013/01/08 22:31:33 | 000,338,432 | ---- | C] (Microsoft Corporation)
     wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2013/01/08 22:31:33 | 000,243,200 | ---- | C] (Microsoft Corporation)
     ntvdm64.dll -> C:\Windows\SysNative\ntvdm64.dll -> [2013/01/08 22:31:33 | 000,016,384 | ---- | C] (Microsoft Corporation)
     wow64cpu.dll -> C:\Windows\SysNative\wow64cpu.dll -> [2013/01/08 22:31:33 | 000,013,312 | ---- | C] (Microsoft Corporation)
     api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll -> [2013/01/08 22:31:33 | 000,005,120 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll -> [2013/01/08 22:31:33 | 000,005,120 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll -> [2013/01/08 22:31:33 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll -> [2013/01/08 22:31:33 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll -> [2013/01/08 22:31:33 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,006,144 | -H-- | C] (Microsoft Corporation)
     api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,006,144 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,608 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,608 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,608 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,608 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll -> [2013/01/08 22:31:32 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     taskhost.exe -> C:\Windows\SysNative\taskhost.exe -> [2013/01/08 22:31:27 | 000,068,608 | ---- | C] (Microsoft Corporation)
     Logitech -> C:\Users\Owner\AppData\Local\Logitech -> [2013/01/06 18:38:40 | 000,000,000 | ---D | C]
     LNonPnP.sys -> C:\Windows\SysNative\drivers\LNonPnP.sys -> [2013/01/06 18:38:17 | 000,018,960 | ---- | C] (Logitech, Inc.)
     Logitech Gaming Software -> C:\Program Files\Logitech Gaming Software -> [2013/01/06 18:38:04 | 000,000,000 | ---D | C]
     Logitech -> C:\Users\Owner\AppData\Roaming\Logitech -> [2013/01/06 18:37:42 | 000,000,000 | ---D | C]
     Logishrd -> C:\Users\Owner\AppData\Roaming\Logishrd -> [2013/01/06 18:37:42 | 000,000,000 | ---D | C]
     atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2012/12/21 03:00:18 | 000,367,616 | ---- | C] (Adobe Systems Incorporated)
     atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2012/12/21 03:00:18 | 000,046,080 | ---- | C] (Adobe Systems)
     atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2012/12/21 03:00:18 | 000,034,304 | ---- | C] (Adobe Systems)
     atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2012/12/21 03:00:17 | 000,295,424 | ---- | C] (Adobe Systems Incorporated)
     Skype -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype -> [2012/12/12 03:22:27 | 000,000,000 | ---D | C]
     Skype -> C:\Program Files (x86)\Common Files\Skype -> [2012/12/12 03:22:27 | 000,000,000 | ---D | C]
     Skype -> C:\Program Files (x86)\Skype -> [2012/12/12 03:22:25 | 000,000,000 | R--D | C]
     dpnet.dll -> C:\Windows\SysNative\dpnet.dll -> [2012/12/11 13:24:54 | 000,478,208 | ---- | C] (Microsoft Corporation)
     dpnet.dll -> C:\Windows\SysWow64\dpnet.dll -> [2012/12/11 13:24:54 | 000,376,832 | ---- | C] (Microsoft Corporation)
     HPDiscoPM5912.dll -> C:\Windows\SysNative\HPDiscoPM5912.dll -> [2012/11/27 19:48:16 | 000,741,480 | ---- | C] (Hewlett-Packard Co.)
     HP -> C:\Program Files\HP -> [2012/11/27 19:48:04 | 000,000,000 | ---D | C]
     Microsoft Mouse and Keyboard Center -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center -> [2012/11/27 19:27:15 | 000,000,000 | ---D | C]
     Microsoft Mouse and Keyboard Center -> C:\Program Files\Microsoft Mouse and Keyboard Center -> [2012/11/27 19:26:55 | 000,000,000 | ---D | C]
     RdpGroupPolicyExtension.dll -> C:\Windows\SysNative\RdpGroupPolicyExtension.dll -> [2012/11/27 19:26:23 | 000,015,360 | ---- | C] (Microsoft Corporation)
     TsUsbRedirectionGroupPolicyExtension.dll -> C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll -> [2012/11/27 19:26:23 | 000,013,312 | ---- | C] (Microsoft Corporation)
     TsUsbRedirectionGroupPolicyControl.exe -> C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe -> [2012/11/27 19:26:23 | 000,013,312 | ---- | C] (Microsoft Corporation)
     TsUsbFlt.sys -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2012/11/27 19:26:22 | 000,057,856 | ---- | C] (Microsoft Corporation)
     TsUsbGD.sys -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2012/11/27 19:26:22 | 000,030,208 | ---- | C] (Microsoft Corporation)
     rdpvideominiport.sys -> C:\Windows\SysNative\drivers\rdpvideominiport.sys -> [2012/11/27 19:26:22 | 000,019,456 | ---- | C] (Microsoft Corporation)
     mstscax.dll -> C:\Windows\SysWow64\mstscax.dll -> [2012/11/27 19:26:21 | 004,916,224 | ---- | C] (Microsoft Corporation)
     rdpcorets.dll -> C:\Windows\SysNative\rdpcorets.dll -> [2012/11/27 19:26:21 | 003,174,912 | ---- | C] (Microsoft Corporation)
     mstsc.exe -> C:\Windows\SysNative\mstsc.exe -> [2012/11/27 19:26:21 | 001,123,840 | ---- | C] (Microsoft Corporation)
     mstsc.exe -> C:\Windows\SysWow64\mstsc.exe -> [2012/11/27 19:26:21 | 001,048,064 | ---- | C] (Microsoft Corporation)
     wksprt.exe -> C:\Windows\SysNative\wksprt.exe -> [2012/11/27 19:26:21 | 000,384,000 | ---- | C] (Microsoft Corporation)
     aaclient.dll -> C:\Windows\SysNative\aaclient.dll -> [2012/11/27 19:26:21 | 000,322,560 | ---- | C] (Microsoft Corporation)
     aaclient.dll -> C:\Windows\SysWow64\aaclient.dll -> [2012/11/27 19:26:21 | 000,269,312 | ---- | C] (Microsoft Corporation)
     rdpudd.dll -> C:\Windows\SysNative\rdpudd.dll -> [2012/11/27 19:26:21 | 000,243,200 | ---- | C] (Microsoft Corporation)
     rdpendp_winip.dll -> C:\Windows\SysNative\rdpendp_winip.dll -> [2012/11/27 19:26:21 | 000,228,864 | ---- | C] (Microsoft Corporation)
     rdpendp_winip.dll -> C:\Windows\SysWow64\rdpendp_winip.dll -> [2012/11/27 19:26:21 | 000,192,000 | ---- | C] (Microsoft Corporation)
     TSWbPrxy.exe -> C:\Windows\SysNative\TSWbPrxy.exe -> [2012/11/27 19:26:21 | 000,062,976 | ---- | C] (Microsoft Corporation)
     MsRdpWebAccess.dll -> C:\Windows\SysNative\MsRdpWebAccess.dll -> [2012/11/27 19:26:21 | 000,054,272 | ---- | C] (Microsoft Corporation)
     MsRdpWebAccess.dll -> C:\Windows\SysWow64\MsRdpWebAccess.dll -> [2012/11/27 19:26:21 | 000,046,592 | ---- | C] (Microsoft Corporation)
     
  8. MnM3

    MnM3 Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    23
    Hmmm that was weird. I got a timeout when uploading the reply.
    Since it doesn't look right, I'll attach the OTS log.

    Mark
     

    Attached Files: OTS.Txt (203.9 KB)
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,896
    Start OTS. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


    Code:
    [Unregister Dlls]
    [Registry - Safe List]
    < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "dmscsh" -> ["C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmscsh.dll",UnpackTuple]
    YN -> "mdlwmt" -> ["C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\mdlwmt.dll",vExecTokenA]
    [Empty Temp Folders]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]

    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

    I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer. And whether this fixed it.
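As an added example (not part of this thread and not OTS's own code), here is a small Python checker for the persistence pattern the fix above removes: Run values that launch rundll32.exe with a DLL sitting in a user-writable folder such as AppData\Roaming. It parses OTS-style `YN -> "name" -> [command]` lines; the sample input is constructed from the two entries in the fix plus two benign entries I added for contrast (the HP updater path from the HijackThis log, and a placeholder System32 DLL that is not a real file).

```python
import re

# Constructed sample input in the OTS "Registry - Safe List" line format.
# The first two values are the ones from the fix in this thread; the HP
# entry and the "example_vendor.dll" entry are benign contrasts added here.
SAMPLE_OTS_LINES = [
    r'< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    r'YN -> "dmscsh" -> ["C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmscsh.dll",UnpackTuple]',
    r'YN -> "mdlwmt" -> ["C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\mdlwmt.dll",vExecTokenA]',
    r'YN -> "HP Software Update" -> [C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe]',
    r'YN -> "example" -> ["C:\Windows\System32\rundll32.exe" "C:\Windows\System32\example_vendor.dll",Init]',
]

# One Run value per line: flags, quoted value name, bracketed command.
VALUE_RE = re.compile(r'^Y[NY] -> "(?P<name>[^"]+)" -> \[(?P<cmd>.*)\]$')
# rundll32.exe followed by a DLL path and the export it is told to call.
RUNDLL_RE = re.compile(
    r'rundll32\.exe"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\w+)', re.IGNORECASE)
# Path fragments that an unprivileged user can write to (lower-cased for matching).
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\', '\\users\\public\\')


def parse_run_values(lines):
    """Yield (value_name, command) for each OTS Run-value line; headers are skipped."""
    for line in lines:
        m = VALUE_RE.match(line.strip())
        if m:
            yield m.group('name'), m.group('cmd')


def flag_suspicious(lines):
    """Return Run values whose command loads a DLL via rundll32 from a user-writable path."""
    flagged = []
    for name, cmd in parse_run_values(lines):
        m = RUNDLL_RE.search(cmd)
        if not m:
            continue  # not a rundll32 launch at all
        dll = m.group('dll')
        low = dll.lower()
        if not any(marker in low for marker in USER_WRITABLE):
            continue  # rundll32 loading from a system location is normal
        reasons = ['rundll32 loads DLL from user-writable path']
        stem = low.rsplit('\\', 1)[-1][:-4]  # strip directory and ".dll"
        if stem == name.lower():  # value name equals DLL name, as in this thread
            reasons.append('value name matches DLL name')
        flagged.append({'name': name, 'dll': dll,
                        'export': m.group('export'), 'reasons': reasons})
    return flagged


if __name__ == '__main__':
    for hit in flag_suspicious(SAMPLE_OTS_LINES):
        print(f"{hit['name']}: {hit['dll']},{hit['export']} -> {'; '.join(hit['reasons'])}")
```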
     
  10. MnM3

    MnM3 Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    23
    Derek,

    OTS fix completed.

    See below for log file.

    I'll reboot a couple times and also run a full MSE and Malwarebytes scans overnight to see if they find anything. I'll report findings.

    BTW - What about my USB 2TB backup drive? I assume maybe I should delete old backups and do a new one when we feel this box is clean.

    Thanks for your help once again.

    Mark


    All Processes Killed
    [Registry - Safe List]
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmscsh deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mdlwmt deleted successfully.
    [Empty Temp Folders]


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: New folder
    ->Temp folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 6188 bytes
    ->Temporary Internet Files folder emptied: 11103024 bytes
    ->Java cache emptied: 1198334 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 25936537 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
    RecycleBin emptied: 35283 bytes

    Total Files Cleaned = 37.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: New folder

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: New folder

    User: Owner
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    < End of fix log >
    OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02142013_181422
    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.
    Registry entries deleted on Reboot...
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,896
    It should be all OK now.
    Yes, it would be sensible to delete old backups & create new ones now it is clean.

    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U; it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop.
    Please double-click OTS.exe to run it.

    Press clean-up & it will delete/uninstall all the tools we have used to fix your problems and all their backup folders, and then delete itself when you next reboot.
    Then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, the in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests in in the first place. If Windows Update doesn't work, please come back & tell us.
     
  12. MnM3

    MnM3 Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    23
    Derek,

    I think you're right.

    I ran full scans and rebooted a couple times.
    Nothing was found. Wahoo!!

    I removed the search and destroy software items as instructed and am running the updater program as I write this.

    Thanks for all your help. Very much appreciated.

    We can mark as closed.

    Mark
     
Short URL to this thread: https://techguy.org/1089132