Weird "FBI" Virus


MrMurdstone (Thread Starter; joined Mar 7, 2012; 55 messages)

So, I randomly got a full-screen popup that said I was caught watching child porn and needed to pay money to the FBI to get my computer unlocked. I managed to exit it, but I want to get rid of this before it gets worse. I've also been getting rerouted to different websites from Google and other stuff like that before this.

I would greatly appreciate any help I can get.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:28:21 PM, on 1/7/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kyle\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Createand] rundll32.exe "C:\Users\Kyle\AppData\Local\Create and edit Wired policies\createandedit.dll",wjbePhEQNQ
O4 - HKCU\..\Run: [AMD] RUNDLL32.EXE C:\Users\Kyle\AppData\Local\AMD\kwjorpbj.dll,ompd_get_fork_routine
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9593 bytes



DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.6.2
Run by Kyle at 16:28:42 on 2013-01-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8102.5990 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ASRockXTU] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Kyle\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Kyle\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B52C507F-1602-4220-BF53-EBE4DE6DFA59} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\mqc4bwx7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2012-8-20 31016]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-20 16152]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-8-20 17192]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-20 239616]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-20 13592]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-30 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-20 682344]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-8-20 95760]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-8-20 331264]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-20 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-20 787736]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-20 24176]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-8-20 32344]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-8-20 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2007-8-17 30336]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-20 1255736]
.
=============== Created Last 30 ================
.
2013-01-08 00:04:30 710504 ----a-w- C:\Windows\isRS-000.tmp
2013-01-08 00:04:17 -------- d-----w- C:\Users\Kyle\AppData\Local\Programs
2012-12-21 19:36:18 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2012-12-21 07:29:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 07:29:50 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 07:29:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 07:29:50 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 22:24:59 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-11 04:58:52 -------- d-----w- C:\Program Files (x86)\Ventrilo
2012-12-11 04:58:28 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-12-10 00:44:27 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Mumble
2012-12-10 00:43:44 -------- d-----w- C:\Program Files (x86)\Mumble
.
==================== Find3M ====================
.
2013-01-08 00:05:40 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-22 07:30:34 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-11-22 07:30:33 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-11-22 07:30:33 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-11-22 07:30:33 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 16:28:53.67 ===============


DDS attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/20/2012 1:22:06 AM
System Uptime: 1/7/2013 4:05:22 PM (0 hours ago)
.
Motherboard: ASRock | | Z77 Extreme4
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 2482/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 729.12 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP43: 12/21/2012 5:00:24 PM - Installed DirectX
RP44: 12/29/2012 9:08:42 PM - Scheduled Checkpoint
RP45: 1/5/2013 10:21:22 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.181
ASRock InstantBoot v1.29
ASRock XFast RAM v2.0.9
Bonjour
Broadcom NetLink Controller
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDDRV_Installer
Dead Island
Diablo III
DiRT Showdown
Dota 2
erLT
Heroes of Newerth
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Smart Connect Technology 2.0 x64
Intel(R) USB 3.0 eXtensible Host Controller Driver
iTunes
Java 7 Update 6
Java 7 Update 6 (64-bit)
Java Auto Updater
KhalInstallWrapper
Logitech SetPoint
Magic Online
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Mumble 1.2.3
OpenAL
OpenOffice.org 3.4.1
PlanetSide 2
Rapture3D 2.4.11 Game
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Steam
SwiftKit
Team Fortress 2
TeamSpeak 3 Client
Trillian
Ventrilo Client
WinRAR 4.20 (64-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
1/7/2013 4:06:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/4/2013 5:11:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
.
==== End Of File ===========================



GMER:

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-07 18:49:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000DM rev.1AJ1 931.51GB
Running: gmer.exe; Driver: C:\Users\Kyle\AppData\Local\Temp\kxldqpow.sys


---- User code sections - GMER 2.0 ----

.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000074d51401 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000074d51419 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000074d51431 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000074d5144a 2 bytes [D5, 74]
.text ... * 9
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000074d514dd 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000074d514f5 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000074d5150d 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000074d51525 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000074d5153d 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000074d51555 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000074d5156d 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000074d51585 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000074d5159d 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000074d515b5 2 bytes [D5, 74]
.text C:\Windows\SysWOW64\rundll32.exe[2924] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000074d515cd 2 bytes [D5, 74]

---- Threads - GMER 2.0 ----

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ [3016] 0000000000400000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [1752] 000007feff320000

---- EOF - GMER 2.0 ----
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...
 

MrMurdstone

Thread Starter
Joined
Mar 7, 2012
Messages
55
ComboFix 13-01-08.01 - Kyle 01/08/2013 9:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8101.6369 [GMT -8:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 17:23 . 2013-01-08 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-08 00:04 . 2013-01-08 00:04 -------- d-----w- c:\users\Kyle\AppData\Local\Programs
2012-12-21 19:36 . 2013-01-08 17:02 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2012-12-21 07:29 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 07:29 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 07:29 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 07:29 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-12 22:24 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-11 04:59 . 2012-12-11 05:00 -------- d-----w- c:\users\Kyle\AppData\Roaming\Ventrilo
2012-12-11 04:58 . 2012-12-11 04:58 -------- d-----w- c:\program files (x86)\Ventrilo
2012-12-11 04:58 . 2012-12-11 04:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-12-10 00:44 . 2013-01-08 03:07 -------- d-----w- c:\users\Kyle\AppData\Roaming\Mumble
2012-12-10 00:43 . 2012-12-10 00:43 -------- d-----w- c:\program files (x86)\Mumble
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 17:02 . 2012-08-20 08:43 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2012-12-15 00:49 . 2012-08-21 02:18 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 02:06 . 2012-08-21 05:01 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-22 07:30 . 2012-11-22 07:30 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-11-22 07:30 . 2012-11-22 07:30 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-11-22 07:30 . 2012-11-22 07:30 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-11-22 07:30 . 2012-11-22 07:30 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-11-08 17:24 . 2012-12-02 12:42 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{780B870E-A573-4176-8A4A-BE14044705A4}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-03 1354736]
"AMD"="c:\users\Kyle\AppData\Local\AMD\kwjorpbj.dll" [2012-12-02 299520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-7-26 2380752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-8-31 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-17 30336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-21 1255736]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-22 49760]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [2012-01-13 31016]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-12 239616]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-24 95760]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-01-08 34752]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 05:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-22 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-22 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\mqc4bwx7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-Createand - c:\users\Kyle\AppData\Local\Create and edit Wired policies\createandedit.dll
AddRemove-ASRock InstantBoot_is1 - c:\program files (x86)\ASRock Utility\InstantBoot\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-08 09:25:01
ComboFix-quarantined-files.txt 2013-01-08 17:25
.
Pre-Run: 788,414,496,768 bytes free
Post-Run: 789,683,593,216 bytes free
.
- - End Of File - - 84378A9432744A8C63CCB04989C705D0
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That isn't showing anything

Download OTScanIt.exe to your Desktop
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Double-click on OTS.exe to start the program.
  • In the Files Age drop down box click 90
  • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
 

MrMurdstone

Thread Starter
Joined
Mar 7, 2012
Messages
55
Code:
OTS logfile created on: 1/8/2013 1:52:52 PM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\Kyle\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 77.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 735.16 Gb Free Space | 78.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KYLE-PC
Current User Name: Kyle
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Kyle\Desktop\OTS.exe -> [2013/01/08 13:21:31 | 000,646,656 | ---- | M] (OldTimer Tools)
steamservice.exe -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2012/12/20 13:02:48 | 000,541,760 | ---- | M] (Valve Corporation)
steam.exe -> C:\Program Files (x86)\Steam\Steam.exe -> [2012/12/03 13:35:16 | 001,354,736 | ---- | M] (Valve Corporation)
soffice.exe -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe -> [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org)
soffice.bin -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin -> [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org)
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated)
trillian.exe -> C:\Program Files (x86)\Trillian\trillian.exe -> [2012/07/26 23:00:00 | 002,380,752 | ---- | M] (Cerulean Studios)
iusb3mon.exe -> C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe -> [2012/01/26 09:40:44 | 000,291,608 | R--- | M] (Intel Corporation)
iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation)
iastoricon.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe -> [2011/11/29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation)
 
[Modules - No Company Name]
sdl.dll -> C:\Program Files (x86)\Steam\sdl.dll -> [2012/12/20 13:03:44 | 000,647,168 | ---- | M] ()
libcef.dll -> C:\Program Files (x86)\Steam\bin\libcef.dll -> [2012/12/20 13:02:47 | 020,320,240 | ---- | M] ()
avcodec-53.dll -> C:\Program Files (x86)\Steam\bin\avcodec-53.dll -> [2012/12/20 13:02:44 | 001,100,800 | ---- | M] ()
chromehtml.dll -> C:\Program Files (x86)\Steam\bin\chromehtml.dll -> [2012/12/20 13:02:44 | 000,969,280 | ---- | M] ()
avformat-53.dll -> C:\Program Files (x86)\Steam\bin\avformat-53.dll -> [2012/12/20 13:02:44 | 000,192,000 | ---- | M] ()
avutil-51.dll -> C:\Program Files (x86)\Steam\bin\avutil-51.dll -> [2012/12/20 13:02:44 | 000,124,416 | ---- | M] ()
iastorutil.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll -> [2012/11/16 21:01:32 | 000,487,424 | ---- | M] ()
iastorcommon.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll -> [2012/11/16 21:01:32 | 000,014,336 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll -> [2012/11/16 12:14:22 | 000,771,584 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll -> [2012/11/16 12:14:08 | 012,436,480 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll -> [2012/11/16 12:14:04 | 001,591,808 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll -> [2012/11/16 12:13:58 | 003,347,968 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll -> [2012/11/16 12:13:55 | 005,452,800 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll -> [2012/11/16 12:13:53 | 007,988,736 | ---- | M] ()
system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll -> [2012/11/16 12:13:53 | 000,971,264 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll -> [2012/11/16 12:13:49 | 011,493,376 | ---- | M] ()
zlib1.dll -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll -> [2012/08/27 20:33:32 | 000,087,912 | ---- | M] ()
libxml2.dll -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll -> [2012/08/27 20:33:08 | 001,242,512 | ---- | M] ()
libxml2.dll -> C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll -> [2012/08/10 15:51:32 | 000,985,088 | ---- | M] ()
libpng15.dll -> C:\Program Files (x86)\Trillian\libpng15.dll -> [2012/07/26 23:00:00 | 000,187,392 | ---- | M] ()
libungif.dll -> C:\Program Files (x86)\Trillian\libungif.dll -> [2012/07/26 23:00:00 | 000,065,536 | ---- | M] ()
zlib1.dll -> C:\Program Files (x86)\Trillian\zlib1.dll -> [2012/07/26 23:00:00 | 000,059,904 | ---- | M] ()
buddy.dll -> c:\Program Files (x86)\Trillian\languages\en\buddy.dll -> [2012/07/26 23:00:00 | 000,011,264 | ---- | M] ()
talk.dll -> c:\Program Files (x86)\Trillian\languages\en\talk.dll -> [2012/07/26 23:00:00 | 000,007,168 | ---- | M] ()
trillian.dll -> c:\Program Files (x86)\Trillian\languages\en\trillian.dll -> [2012/07/26 23:00:00 | 000,006,656 | ---- | M] ()
events.dll -> c:\Program Files (x86)\Trillian\languages\en\events.dll -> [2012/07/26 23:00:00 | 000,006,656 | ---- | M] ()
toolkit.dll -> c:\Program Files (x86)\Trillian\languages\en\toolkit.dll -> [2012/07/26 23:00:00 | 000,003,584 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2012/06/12 00:19:14 | 000,239,616 | ---- | M] (AMD)
64bit-(ISCTAgent)  [Auto | Running] -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -> [2012/02/09 15:26:48 | 000,133,632 | ---- | M] ()
64bit-(LBTServ)  [On_Demand | Stopped] -> C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -> [2009/07/20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.)
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(Steam Client Service) Steam Client Service [On_Demand | Running] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2012/12/20 13:02:48 | 000,541,760 | ---- | M] (Valve Corporation)
(MBAMService) MBAMService [Auto | Stopped] -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation)
(MBAMScheduler) MBAMScheduler [Auto | Stopped] -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -> [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation)
(MozillaMaintenance) Mozilla Maintenance Service [On_Demand | Stopped] -> C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -> [2012/12/04 20:27:00 | 000,115,168 | ---- | M] (Mozilla Foundation)
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2012/08/20 21:07:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated)
(cphs) Intel(R) Content Protection HECI Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\IntelCpHeciSvc.exe -> [2012/03/21 21:34:18 | 000,276,248 | ---- | M] (Intel Corporation)
(IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(WPRO_41_2001) WinPcap Packet Driver (WPRO_41_2001) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\WPRO_41_2001.sys -> [2013/01/08 09:02:42 | 000,034,752 | ---- | M] ()
64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.)
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2012/06/12 01:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2012/06/11 23:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2012/03/19 00:32:02 | 014,745,600 | ---- | M] (Intel Corporation)
64bit-(AtiHDAudioService) AMD Function Driver for HD Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtihdW76.sys -> [2012/02/23 19:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices)
64bit-(ISCT) Intel(R) Smart Connect Technology Device Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ISCTD64.sys -> [2012/02/09 15:24:16 | 000,044,992 | ---- | M] ()
64bit-(imsevent) Intel Upper Mouse Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\imsevent.sys -> [2012/02/09 15:24:16 | 000,025,536 | ---- | M] ()
64bit-(ikbevent) Intel Upper keyboard Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ikbevent.sys -> [2012/02/09 15:24:14 | 000,025,536 | ---- | M] ()
64bit-(iusb3xhc) Intel(R) USB 3.0 eXtensible Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\iusb3xhc.sys -> [2012/01/26 09:39:34 | 000,787,736 | ---- | M] (Intel Corporation)
64bit-(iusb3hub) Intel(R) USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\iusb3hub.sys -> [2012/01/26 09:39:34 | 000,356,120 | ---- | M] (Intel Corporation)
64bit-(iusb3hcs) Intel(R) USB 3.0 Host Controller Switch Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iusb3hcs.sys -> [2012/01/26 09:39:34 | 000,016,152 | ---- | M] (Intel Corporation)
64bit-(AsrRamDisk) AsrRamDisk [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AsrRamDisk.sys -> [2012/01/13 11:52:38 | 000,031,016 | ---- | M] (ASRock Inc.)
64bit-(IntcDAud) Intel(R) Display Audio [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcDAud.sys -> [2011/12/05 12:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2011/11/29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation)
64bit-(asahci64) asahci64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\asahci64.sys -> [2011/09/21 16:56:24 | 000,049,760 | ---- | M] (Asmedia Technology)
64bit-(AsrAppCharger) AsrAppCharger [Kernel | System | Running] -> C:\Windows\SysNative\drivers\AsrAppCharger.sys -> [2011/05/10 15:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(k57nd60a) Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\k57nd60a.sys -> [2011/05/09 19:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation)
64bit-(asmtxhci) ASMEDIA XHCI Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\asmtxhci.sys -> [2011/03/04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc)
64bit-(asmthub3) ASMedia USB3 Hub Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\asmthub3.sys -> [2011/03/04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2010/11/20 19:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2010/11/20 19:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(MBfilt) MBfilt [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\MBfilt64.sys -> [2009/11/17 15:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(WSDPrintDevice) WSD Print Support via UMB [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WSDPrint.sys -> [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation)
64bit-(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LMouFilt.Sys -> [2009/06/17 08:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.)
64bit-(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LHidFilt.Sys -> [2009/06/17 08:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.)
64bit-(LHidEqd) Logitech SetPoint Unifying KMDF HID Filter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LHidEqd.sys -> [2009/06/17 08:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.)
64bit-(LEqdUsb) Logitech SetPoint Unifying KMDF USB Filter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LEqdUsb.sys -> [2009/06/17 08:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(VaneFltr) Lachesis Mouse Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\Lachesis.sys -> [2007/08/17 06:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-US -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> AE 92 14 D7 DA EB CD 01  [binary data] -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Kyle\AppData\Roaming\Mozilla\FireFox\Profiles\mqc4bwx7.default\prefs.js -> 
browser.startup.homepage -> "www.google.com" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Mozilla Firefox 17.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2012/12/04 20:27:00 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions -> [2012/08/20 18:18:40 | 000,000,000 | ---D | M]
  -> C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\mqc4bwx7.default\extensions -> [2012/10/27 01:51:53 | 000,000,000 | ---D | M]
ExtTransport2 Class extension for Firefox   -> C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\mqc4bwx7.default\extensions\{801814A5-B932-4F87-9B24-59B2857D287C} -> [2012/10/27 01:51:53 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2012/12/04 20:26:58 | 000,000,000 | ---D | M]
< HOSTS File > ([2013/01/08 09:23:20 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/08/20 21:08:17 | 000,537,576 | ---- | M] (Oracle Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/08/20 21:08:17 | 000,193,512 | ---- | M] (Oracle Corporation)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/08/20 21:07:57 | 000,449,512 | ---- | M] (Oracle Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/08/20 21:07:57 | 000,157,672 | ---- | M] (Oracle Corporation)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2012/03/21 21:34:02 | 000,398,616 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2012/03/21 21:34:10 | 000,170,264 | ---- | M] (Intel Corporation)
"Kernel and Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2009/06/17 08:53:26 | 000,130,576 | ---- | M] (Logitech, Inc.)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2012/03/21 21:34:06 | 000,439,064 | ---- | M] (Intel Corporation)
"RTHDVCPL" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s] -> [2012/01/31 03:09:06 | 012,446,824 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AMD AVT" -> C:\Windows\SysWow64\cmd.exe [Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml] -> [2010/11/20 19:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation)
"APSDaemon" -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe ["C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"] -> [2012/08/27 20:32:54 | 000,059,280 | ---- | M] (Apple Inc.)
"IAStorIcon" -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe] -> [2011/11/29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation)
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2012/06/11 14:00:26 | 000,641,704 | ---- | M] (Advanced Micro Devices, Inc.)
"USB3MON" -> C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe ["C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"] -> [2012/01/26 09:40:44 | 000,291,608 | R--- | M] (Intel Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AMD" -> C:\Users\Kyle\AppData\Local\AMD\kwjorpbj.dll [RUNDLL32.EXE C:\Users\Kyle\AppData\Local\AMD\kwjorpbj.dll,ompd_get_fork_routine] -> [2012/12/02 11:31:33 | 000,299,520 | ---- | M] (LEAD Technologies, Inc.)
"Steam" -> C:\Program Files (x86)\Steam\Steam.exe ["C:\Program Files (x86)\Steam\Steam.exe" -silent] -> [2012/12/03 13:35:16 | 001,354,736 | ---- | M] (Valve Corporation)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. -> 
clonewarsadventures.com .
[*] -> Trusted sites -> 
freerealms.com .
[*] -> Trusted sites -> 
soe.com .
[*] -> Trusted sites -> 
sony.com .
[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{B52C507F-1602-4220-BF53-EBE4DE6DFA59}\\DhcpNameServer -> 192.168.1.1   (Broadcom NetLink (TM) Gigabit Ethernet) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2010/11/20 19:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 19:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 17:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2010/11/20 19:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 19:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2012/03/18 23:17:12 | 000,434,688 | ---- | M] (Intel Corporation)
LBTWlgn -> c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll -> [2009/07/20 11:36:46 | 000,076,816 | ---- | M] (Logitech, Inc.)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{09D30691-D76E-44D7-8D0E-FF00AFEB854A} -> profile=private | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files (x86)\ventrilo\ventrilo.exe | 
{1EF33B50-D2BF-4E70-8330-035BF345B14E} -> profile=private | protocol=6 | dir=in | action=allow | name=diablo iii | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
{1F3BE98E-BDD2-4296-AFF9-E2AC6356346E} -> profile=private | protocol=6 | dir=in | action=allow | name=battle.net update agent | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
{2F5D3B51-F448-4387-805D-B715B2B8CF57} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{37964952-BE19-473D-A832-115FFD69DB33} -> profile=private | protocol=6 | dir=in | action=allow | name=battle.net update agent | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
{3E176F65-B0B8-49F3-A031-51307AA1953A} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{44EBE7CC-F0E4-4448-8A72-24F2235D9B1C} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
{458F6449-D0CC-4BA6-AF3C-3ED518C661A3} -> profile=private | protocol=6 | dir=in | action=allow | name=dead island | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
{47C3D70A-6B7C-4892-AB11-AF320F768DEB} -> profile=private | protocol=6 | dir=in | action=allow | name=battle.net update agent | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
{47D64FCF-06B4-468F-89BD-997DF2F3405A} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{51196573-4B79-4CC6-8F8A-725927C8F6EB} -> profile=private | protocol=6 | dir=in | action=allow | name=planetside 2 | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
{5A3978CF-95F6-431D-A749-2B1ABD59668D} -> profile=private | protocol=17 | dir=in | action=allow | name=battle.net update agent | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
{6576C64C-6E58-4FF7-800C-B9EA9EF7017D} -> profile=private | protocol=17 | dir=in | action=allow | name=planetside 2 | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
{73C55334-0FF1-4DFE-BA76-A51C15A6509E} -> profile=private | protocol=17 | dir=in | action=allow | name=battle.net update agent | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
{741E205A-03EC-4144-88A1-8BF0BE4B1A82} -> profile=private | protocol=17 | dir=in | action=allow | name=dota 2 | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
{7649B75E-24A6-43EB-921F-48CC67EC96E1} -> profile=private | protocol=17 | dir=in | action=allow | name=dirt showdown | app=c:\program files (x86)\steam\steamapps\common\dirt showdown\showdown.exe | 
{9588363C-CDB3-4DF9-AC7B-29AC24FC5BDA} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe | 
{9D3A262C-0801-491D-9A6B-030C43C4F1A5} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
{CB9FCC19-857B-4F3C-A51B-5443869B1189} -> profile=private | protocol=17 | dir=in | action=allow | name=diablo iii | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
{CE76032A-5389-4C3F-A47F-F8C139AD59FE} -> profile=private | protocol=6 | dir=in | action=allow | name=dota 2 | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
{CFE55DD4-381A-4C2B-86E4-02E0B6AF1A3D} -> profile=private | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{CFE8B911-7821-4026-913F-C27E8BBA80C8} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files (x86)\ventrilo\ventrilo.exe | 
{DA3D1369-3E38-4118-98CE-A0BB357A3FED} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe | 
{DD019189-45F9-42D0-AAA7-BA05FAE4C0B5} -> profile=private | protocol=6 | dir=in | action=allow | name=dirt showdown | app=c:\program files (x86)\steam\steamapps\common\dirt showdown\showdown.exe | 
{EB800E1A-D8B1-4F95-868D-0C4CA7C1E8B9} -> profile=private | protocol=17 | dir=in | action=allow | name=battle.net update agent | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
{F141C05F-61CC-491A-8305-31556A898EBA} -> profile=private | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{F34D5C5D-08D8-46DF-B6F4-AA38463C1A65} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
{F455D862-731F-423C-B2B7-8DB36EBA2908} -> profile=private | protocol=17 | dir=in | action=allow | name=dead island | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
TCP Query User{17C72CB0-3424-44AB-B31E-1F062628736E}C:\users\kyle\downloads\mtgoiii_helper.exe -> profile=private | protocol=6 | dir=in | action=allow | name=mtgoiii_helper.exe | app=c:\users\kyle\downloads\mtgoiii_helper.exe | 
TCP Query User{53C85757-31E5-4E25-9CD4-4CA687836BE9}C:\program files (x86)\dead island\deadislandgame.exe -> profile=private | protocol=6 | dir=in | action=allow | name=deadisland | app=c:\program files (x86)\dead island\deadislandgame.exe | 
TCP Query User{C137B4CB-50FD-4861-9620-6A9393AEC150}C:\programdata\battle.net\agent\agent.1544\agent.exe -> profile=private | protocol=6 | dir=in | action=allow | name=battle.net update agent | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
TCP Query User{C2C1DA90-F379-4E51-83F9-CFF7C36E6F16}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=planetside2 | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
TCP Query User{E971588F-B548-4992-A802-1EC6B1A5A079}C:\program files (x86)\steam\steamapps\kyleclarkk\team fortress 2\hl2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\kyleclarkk\team fortress 2\hl2.exe | 
TCP Query User{EBACBF14-4520-41DA-A130-4E184F1C73F9}C:\program files (x86)\trillian\trillian.exe -> profile=private | protocol=6 | dir=in | action=allow | name=trillian | app=c:\program files (x86)\trillian\trillian.exe | 
UDP Query User{26E24A82-9A22-4F59-866D-90C22FE6BFF7}C:\program files (x86)\dead island\deadislandgame.exe -> profile=private | protocol=17 | dir=in | action=allow | name=deadisland | app=c:\program files (x86)\dead island\deadislandgame.exe | 
UDP Query User{408A27AC-78CF-4BF2-8259-9ACACA4BEE65}C:\program files (x86)\trillian\trillian.exe -> profile=private | protocol=17 | dir=in | action=allow | name=trillian | app=c:\program files (x86)\trillian\trillian.exe | 
UDP Query User{A11B5789-AFE8-498C-98F3-8254F1260EFF}C:\users\kyle\downloads\mtgoiii_helper.exe -> profile=private | protocol=17 | dir=in | action=allow | name=mtgoiii_helper.exe | app=c:\users\kyle\downloads\mtgoiii_helper.exe | 
UDP Query User{A8473D2F-14C0-4476-B5FF-31B8907DBC2D}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=planetside2 | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
UDP Query User{B21F0D0F-6355-4674-926D-69513DACF61F}C:\programdata\battle.net\agent\agent.1544\agent.exe -> profile=private | protocol=17 | dir=in | action=allow | name=battle.net update agent | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
UDP Query User{C9D52E72-174D-4A8A-98A1-0A583707F4F3}C:\program files (x86)\steam\steamapps\kyleclarkk\team fortress 2\hl2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\kyleclarkk\team fortress 2\hl2.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 19:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 90 Days]
 OTS.exe -> C:\Users\Kyle\Desktop\OTS.exe -> [2013/01/08 13:21:29 | 000,646,656 | ---- | C] (OldTimer Tools)
 temp -> C:\Windows\temp -> [2013/01/08 09:25:03 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2013/01/08 09:18:44 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2013/01/08 09:18:44 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2013/01/08 09:18:44 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2013/01/08 09:18:40 | 000,000,000 | ---D | C]
 erdnt -> C:\Windows\erdnt -> [2013/01/08 09:18:33 | 000,000,000 | ---D | C]
 ComboFix.exe -> C:\Users\Kyle\Desktop\ComboFix.exe -> [2013/01/08 09:11:08 | 005,019,950 | R--- | C] (Swearware)
 dds.scr -> C:\Users\Kyle\Desktop\dds.scr -> [2013/01/07 16:22:16 | 000,688,992 | R--- | C] (Swearware)
 HijackThis.exe -> C:\Users\Kyle\Desktop\HijackThis.exe -> [2013/01/07 16:17:23 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 Programs -> C:\Users\Kyle\AppData\Local\Programs -> [2013/01/07 16:04:17 | 000,000,000 | ---D | C]
 DeadIsland -> C:\Users\Kyle\Documents\DeadIsland -> [2012/12/21 17:01:24 | 000,000,000 | ---D | C]
 atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2012/12/20 23:29:50 | 000,367,616 | ---- | C] (Adobe Systems Incorporated)
 atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2012/12/20 23:29:50 | 000,295,424 | ---- | C] (Adobe Systems Incorporated)
 atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2012/12/20 23:29:50 | 000,046,080 | ---- | C] (Adobe Systems)
 atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2012/12/20 23:29:50 | 000,034,304 | ---- | C] (Adobe Systems)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2012/12/12 18:05:11 | 000,176,640 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2012/12/12 18:05:11 | 000,096,768 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2012/12/12 18:05:11 | 000,073,216 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2012/12/12 18:05:10 | 002,312,704 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2012/12/12 18:05:10 | 001,494,528 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2012/12/12 18:05:10 | 001,427,968 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2012/12/12 18:05:10 | 000,248,320 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2012/12/12 18:05:10 | 000,237,056 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2012/12/12 18:05:10 | 000,231,936 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2012/12/12 18:05:10 | 000,173,056 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2012/12/12 18:05:10 | 000,142,848 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2012/12/12 18:05:09 | 000,729,088 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2012/12/12 18:05:08 | 000,816,640 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2012/12/12 18:05:08 | 000,717,824 | ---- | C] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2012/12/12 18:05:08 | 000,599,040 | ---- | C] (Microsoft Corporation)
 kernel32.dll -> C:\Windows\SysNative\kernel32.dll -> [2012/12/12 14:24:54 | 001,161,216 | ---- | C] (Microsoft Corporation)
 KernelBase.dll -> C:\Windows\SysNative\KernelBase.dll -> [2012/12/12 14:24:54 | 000,424,960 | ---- | C] (Microsoft Corporation)
 wow64win.dll -> C:\Windows\SysNative\wow64win.dll -> [2012/12/12 14:24:54 | 000,362,496 | ---- | C] (Microsoft Corporation)
 conhost.exe -> C:\Windows\SysNative\conhost.exe -> [2012/12/12 14:24:54 | 000,338,432 | ---- | C] (Microsoft Corporation)
 wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2012/12/12 14:24:54 | 000,243,200 | ---- | C] (Microsoft Corporation)
 winsrv.dll -> C:\Windows\SysNative\winsrv.dll -> [2012/12/12 14:24:54 | 000,215,040 | ---- | C] (Microsoft Corporation)
 setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2012/12/12 14:24:54 | 000,025,600 | ---- | C] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysNative\ntvdm64.dll -> [2012/12/12 14:24:54 | 000,016,384 | ---- | C] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2012/12/12 14:24:54 | 000,014,336 | ---- | C] (Microsoft Corporation)
 wow64cpu.dll -> C:\Windows\SysNative\wow64cpu.dll -> [2012/12/12 14:24:54 | 000,013,312 | ---- | C] (Microsoft Corporation)
 instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2012/12/12 14:24:54 | 000,007,680 | ---- | C] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,006,144 | -H-- | C] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,006,144 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,005,120 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,005,120 | -H-- | C] (Microsoft Corporation)
 wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2012/12/12 14:24:54 | 000,005,120 | ---- | C] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll -> [2012/12/12 14:24:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 user.exe -> C:\Windows\SysWow64\user.exe -> [2012/12/12 14:24:54 | 000,002,048 | ---- | C] (Microsoft Corporation)
 dpnet.dll -> C:\Windows\SysNative\dpnet.dll -> [2012/12/12 14:24:51 | 000,478,208 | ---- | C] (Microsoft Corporation)
 dpnet.dll -> C:\Windows\SysWow64\dpnet.dll -> [2012/12/12 14:24:51 | 000,376,832 | ---- | C] (Microsoft Corporation)
 Ventrilo -> C:\Users\Kyle\AppData\Roaming\Ventrilo -> [2012/12/10 20:59:24 | 000,000,000 | ---D | C]
 Ventrilo -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo -> [2012/12/10 20:58:53 | 000,000,000 | ---D | C]
 Ventrilo -> C:\Program Files (x86)\Ventrilo -> [2012/12/10 20:58:52 | 000,000,000 | ---D | C]
 Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2012/12/10 20:58:28 | 000,000,000 | ---D | C]
 Mumble -> C:\Users\Kyle\AppData\Roaming\Mumble -> [2012/12/09 16:44:27 | 000,000,000 | ---D | C]
 Mumble -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble -> [2012/12/09 16:43:45 | 000,000,000 | ---D | C]
 Mumble -> C:\Program Files (x86)\Mumble -> [2012/12/09 16:43:44 | 000,000,000 | ---D | C]
 Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2012/12/04 20:26:58 | 000,000,000 | ---D | C]
 AMD -> C:\Users\Kyle\AppData\Local\AMD -> [2012/11/29 17:11:12 | 000,000,000 | ---D | C]
 SCE -> C:\Users\Kyle\AppData\Local\SCE -> [2012/11/22 16:11:03 | 000,000,000 | ---D | C]
 Crash -> C:\Crash -> [2012/11/22 16:11:03 | 000,000,000 | ---D | C]
 Sony Online Entertainment -> C:\Users\Kyle\AppData\Local\Sony Online Entertainment -> [2012/11/22 16:11:01 | 000,000,000 | ---D | C]
 D3DCompiler_43.dll -> C:\Windows\SysNative\D3DCompiler_43.dll -> [2012/11/22 16:10:58 | 002,526,056 | ---- | C] (Microsoft Corporation)
 XAudio2_7.dll -> C:\Windows\SysNative\XAudio2_7.dll -> [2012/11/22 16:10:58 | 000,518,488 | ---- | C] (Microsoft Corporation)
 xactengine3_7.dll -> C:\Windows\SysNative\xactengine3_7.dll -> [2012/11/22 16:10:58 | 000,176,984 | ---- | C] (Microsoft Corporation)
 XAPOFX1_5.dll -> C:\Windows\SysNative\XAPOFX1_5.dll -> [2012/11/22 16:10:58 | 000,077,656 | ---- | C] (Microsoft Corporation)
 D3DX9_43.dll -> C:\Windows\SysNative\D3DX9_43.dll -> [2012/11/22 16:10:57 | 002,401,112 | ---- | C] (Microsoft Corporation)
 d3dcsx_43.dll -> C:\Windows\SysNative\d3dcsx_43.dll -> [2012/11/22 16:10:57 | 001,907,552 | ---- | C] (Microsoft Corporation)
 d3dx10_43.dll -> C:\Windows\SysNative\d3dx10_43.dll -> [2012/11/22 16:10:57 | 000,511,328 | ---- | C] (Microsoft Corporation)
 d3dx11_43.dll -> C:\Windows\SysNative\d3dx11_43.dll -> [2012/11/22 16:10:57 | 000,276,832 | ---- | C] (Microsoft Corporation)
 XAudio2_6.dll -> C:\Windows\SysNative\XAudio2_6.dll -> [2012/11/22 16:10:56 | 000,530,776 | ---- | C] (Microsoft Corporation)
 XAudio2_6.dll -> C:\Windows\SysWow64\XAudio2_6.dll -> [2012/11/22 16:10:56 | 000,528,216 | ---- | C] (Microsoft Corporation)
 xactengine3_6.dll -> C:\Windows\SysWow64\xactengine3_6.dll -> [2012/11/22 16:10:56 | 000,238,936 | ---- | C] (Microsoft Corporation)
 xactengine3_6.dll -> C:\Windows\SysNative\xactengine3_6.dll -> [2012/11/22 16:10:56 | 000,176,984 | ---- | C] (Microsoft Corporation)
 XAPOFX1_4.dll -> C:\Windows\SysNative\XAPOFX1_4.dll -> [2012/11/22 16:10:56 | 000,078,680 | ---- | C] (Microsoft Corporation)
 XAPOFX1_4.dll -> C:\Windows\SysWow64\XAPOFX1_4.dll -> [2012/11/22 16:10:56 | 000,074,072 | ---- | C] (Microsoft Corporation)
 X3DAudio1_7.dll -> C:\Windows\SysNative\X3DAudio1_7.dll -> [2012/11/22 16:10:56 | 000,024,920 | ---- | C] (Microsoft Corporation)
 X3DAudio1_7.dll -> C:\Windows\SysWow64\X3DAudio1_7.dll -> [2012/11/22 16:10:56 | 000,022,360 | ---- | C] (Microsoft Corporation)
 XAudio2_5.dll -> C:\Windows\SysNative\XAudio2_5.dll -> [2012/11/22 16:10:55 | 000,517,960 | ---- | C] (Microsoft Corporation)
 XAudio2_5.dll -> C:\Windows\SysWow64\XAudio2_5.dll -> [2012/11/22 16:10:55 | 000,515,416 | ---- | C] (Microsoft Corporation)
 xactengine3_5.dll -> C:\Windows\SysWow64\xactengine3_5.dll -> [2012/11/22 16:10:55 | 000,238,936 | ---- | C] (Microsoft Corporation)
 xactengine3_5.dll -> C:\Windows\SysNative\xactengine3_5.dll -> [2012/11/22 16:10:55 | 000,176,968 | ---- | C] (Microsoft Corporation)
 D3DCompiler_42.dll -> C:\Windows\SysNative\D3DCompiler_42.dll -> [2012/11/22 16:10:54 | 002,582,888 | ---- | C] (Microsoft Corporation)
 D3DCompiler_42.dll -> C:\Windows\SysWow64\D3DCompiler_42.dll -> [2012/11/22 16:10:54 | 001,974,616 | ---- | C] (Microsoft Corporation)
 d3dcsx_42.dll -> C:\Windows\SysNative\d3dcsx_42.dll -> [2012/11/22 16:10:53 | 005,554,512 | ---- | C] (Microsoft Corporation)
 d3dcsx_42.dll -> C:\Windows\SysWow64\d3dcsx_42.dll -> [2012/11/22 16:10:53 | 005,501,792 | ---- | C] (Microsoft Corporation)
 d3dx10_42.dll -> C:\Windows\SysNative\d3dx10_42.dll -> [2012/11/22 16:10:53 | 000,523,088 | ---- | C] (Microsoft Corporation)
 d3dx10_42.dll -> C:\Windows\SysWow64\d3dx10_42.dll -> [2012/11/22 16:10:53 | 000,453,456 | ---- | C] (Microsoft Corporation)
 d3dx11_42.dll -> C:\Windows\SysNative\d3dx11_42.dll -> [2012/11/22 16:10:53 | 000,285,024 | ---- | C] (Microsoft Corporation)
 d3dx11_42.dll -> C:\Windows\SysWow64\d3dx11_42.dll -> [2012/11/22 16:10:53 | 000,235,344 | ---- | C] (Microsoft Corporation)
 D3DX9_42.dll -> C:\Windows\SysNative\D3DX9_42.dll -> [2012/11/22 16:10:52 | 002,475,352 | ---- | C] (Microsoft Corporation)
 D3DX9_42.dll -> C:\Windows\SysWow64\D3DX9_42.dll -> [2012/11/22 16:10:52 | 001,892,184 | ---- | C] (Microsoft Corporation)
 D3DX9_41.dll -> C:\Windows\SysNative\D3DX9_41.dll -> [2012/11/22 16:10:51 | 005,425,496 | ---- | C] (Microsoft Corporation)
 D3DX9_41.dll -> C:\Windows\SysWow64\D3DX9_41.dll -> [2012/11/22 16:10:51 | 004,178,264 | ---- | C] (Microsoft Corporation)
 D3DCompiler_41.dll -> C:\Windows\SysNative\D3DCompiler_41.dll -> [2012/11/22 16:10:51 | 002,430,312 | ---- | C] (Microsoft Corporation)
 D3DCompiler_41.dll -> C:\Windows\SysWow64\D3DCompiler_41.dll -> [2012/11/22 16:10:51 | 001,846,632 | ---- | C] (Microsoft Corporation)
 d3dx10_41.dll -> C:\Windows\SysNative\d3dx10_41.dll -> [2012/11/22 16:10:51 | 000,520,544 | ---- | C] (Microsoft Corporation)
 d3dx10_41.dll -> C:\Windows\SysWow64\d3dx10_41.dll -> [2012/11/22 16:10:51 | 000,453,456 | ---- | C] (Microsoft Corporation)
 XAudio2_4.dll -> C:\Windows\SysNative\XAudio2_4.dll -> [2012/11/22 16:10:50 | 000,521,560 | ---- | C] (Microsoft Corporation)
 XAudio2_4.dll -> C:\Windows\SysWow64\XAudio2_4.dll -> [2012/11/22 16:10:50 | 000,517,448 | ---- | C] (Microsoft Corporation)
 xactengine3_4.dll -> C:\Windows\SysWow64\xactengine3_4.dll -> [2012/11/22 16:10:50 | 000,235,352 | ---- | C] (Microsoft Corporation)
 xactengine3_4.dll -> C:\Windows\SysNative\xactengine3_4.dll -> [2012/11/22 16:10:50 | 000,174,936 | ---- | C] (Microsoft Corporation)
 XAPOFX1_3.dll -> C:\Windows\SysNative\XAPOFX1_3.dll -> [2012/11/22 16:10:50 | 000,073,544 | ---- | C] (Microsoft Corporation)
 XAPOFX1_3.dll -> C:\Windows\SysWow64\XAPOFX1_3.dll -> [2012/11/22 16:10:50 | 000,069,464 | ---- | C] (Microsoft Corporation)
 X3DAudio1_6.dll -> C:\Windows\SysNative\X3DAudio1_6.dll -> [2012/11/22 16:10:50 | 000,024,920 | ---- | C] (Microsoft Corporation)
 X3DAudio1_6.dll -> C:\Windows\SysWow64\X3DAudio1_6.dll -> [2012/11/22 16:10:50 | 000,022,360 | ---- | C] (Microsoft Corporation)
 D3DCompiler_40.dll -> C:\Windows\SysNative\D3DCompiler_40.dll -> [2012/11/22 16:10:49 | 002,605,920 | ---- | C] (Microsoft Corporation)
 D3DCompiler_40.dll -> C:\Windows\SysWow64\D3DCompiler_40.dll -> [2012/11/22 16:10:49 | 002,036,576 | ---- | C] (Microsoft Corporation)
 d3dx10_40.dll -> C:\Windows\SysNative\d3dx10_40.dll -> [2012/11/22 16:10:49 | 000,519,000 | ---- | C] (Microsoft Corporation)
 d3dx10_40.dll -> C:\Windows\SysWow64\d3dx10_40.dll -> [2012/11/22 16:10:49 | 000,452,440 | ---- | C] (Microsoft Corporation)
 D3DX9_40.dll -> C:\Windows\SysNative\D3DX9_40.dll -> [2012/11/22 16:10:48 | 005,631,312 | ---- | C] (Microsoft Corporation)
 D3DX9_40.dll -> C:\Windows\SysWow64\D3DX9_40.dll -> [2012/11/22 16:10:48 | 004,379,984 | ---- | C] (Microsoft Corporation)
 XAudio2_3.dll -> C:\Windows\SysNative\XAudio2_3.dll -> [2012/11/22 16:10:47 | 000,518,480 | ---- | C] (Microsoft Corporation)
 XAudio2_3.dll -> C:\Windows\SysWow64\XAudio2_3.dll -> [2012/11/22 16:10:47 | 000,514,384 | ---- | C] (Microsoft Corporation)
 xactengine3_3.dll -> C:\Windows\SysWow64\xactengine3_3.dll -> [2012/11/22 16:10:47 | 000,235,856 | ---- | C] (Microsoft Corporation)
 xactengine3_3.dll -> C:\Windows\SysNative\xactengine3_3.dll -> [2012/11/22 16:10:47 | 000,175,440 | ---- | C] (Microsoft Corporation)
 XAPOFX1_2.dll -> C:\Windows\SysNative\XAPOFX1_2.dll -> [2012/11/22 16:10:47 | 000,074,576 | ---- | C] (Microsoft Corporation)
 XAPOFX1_2.dll -> C:\Windows\SysWow64\XAPOFX1_2.dll -> [2012/11/22 16:10:47 | 000,070,992 | ---- | C] (Microsoft Corporation)
 X3DAudio1_5.dll -> C:\Windows\SysNative\X3DAudio1_5.dll -> [2012/11/22 16:10:47 | 000,025,936 | ---- | C] (Microsoft Corporation)
 X3DAudio1_5.dll -> C:\Windows\SysWow64\X3DAudio1_5.dll -> [2012/11/22 16:10:47 | 000,023,376 | ---- | C] (Microsoft Corporation)
 XAudio2_2.dll -> C:\Windows\SysNative\XAudio2_2.dll -> [2012/11/22 16:10:46 | 000,513,544 | ---- | C] (Microsoft Corporation)
 XAudio2_2.dll -> C:\Windows\SysWow64\XAudio2_2.dll -> [2012/11/22 16:10:46 | 000,509,448 | ---- | C] (Microsoft Corporation)
 xactengine3_2.dll -> C:\Windows\SysWow64\xactengine3_2.dll -> [2012/11/22 16:10:46 | 000,238,088 | ---- | C] (Microsoft Corporation)
 xactengine3_2.dll -> C:\Windows\SysNative\xactengine3_2.dll -> [2012/11/22 16:10:46 | 000,177,672 | ---- | C] (Microsoft Corporation)
 XAPOFX1_1.dll -> C:\Windows\SysNative\XAPOFX1_1.dll -> [2012/11/22 16:10:46 | 000,072,200 | ---- | C] (Microsoft Corporation)
 XAPOFX1_1.dll -> C:\Windows\SysWow64\XAPOFX1_1.dll -> [2012/11/22 16:10:46 | 000,068,616 | ---- | C] (Microsoft Corporation)
 D3DCompiler_39.dll -> C:\Windows\SysNative\D3DCompiler_39.dll -> [2012/11/22 16:10:45 | 001,942,552 | ---- | C] (Microsoft Corporation)
 D3DCompiler_39.dll -> C:\Windows\SysWow64\D3DCompiler_39.dll -> [2012/11/22 16:10:45 | 001,493,528 | ---- | C] (Microsoft Corporation)
 d3dx10_39.dll -> C:\Windows\SysNative\d3dx10_39.dll -> [2012/11/22 16:10:45 | 000,540,688 | ---- | C] (Microsoft Corporation)
 d3dx10_39.dll -> C:\Windows\SysWow64\d3dx10_39.dll -> [2012/11/22 16:10:45 | 000,467,984 | ---- | C] (Microsoft Corporation)
 D3DX9_39.dll -> C:\Windows\SysNative\D3DX9_39.dll -> [2012/11/22 16:10:44 | 004,992,520 | ---- | C] (Microsoft Corporation)
 D3DX9_39.dll -> C:\Windows\SysWow64\D3DX9_39.dll -> [2012/11/22 16:10:44 | 003,851,784 | ---- | C] (Microsoft Corporation)
 XAudio2_1.dll -> C:\Windows\SysNative\XAudio2_1.dll -> [2012/11/22 16:10:44 | 000,511,496 | ---- | C] (Microsoft Corporation)
 XAudio2_1.dll -> C:\Windows\SysWow64\XAudio2_1.dll -> [2012/11/22 16:10:44 | 000,507,400 | ---- | C] (Microsoft Corporation)
 xactengine3_1.dll -> C:\Windows\SysWow64\xactengine3_1.dll -> [2012/11/22 16:10:44 | 000,238,088 | ---- | C] (Microsoft Corporation)
 xactengine3_1.dll -> C:\Windows\SysNative\xactengine3_1.dll -> [2012/11/22 16:10:44 | 000,177,672 | ---- | C] (Microsoft Corporation)
 XAPOFX1_0.dll -> C:\Windows\SysNative\XAPOFX1_0.dll -> [2012/11/22 16:10:44 | 000,068,104 | ---- | C] (Microsoft Corporation)
 XAPOFX1_0.dll -> C:\Windows\SysWow64\XAPOFX1_0.dll -> [2012/11/22 16:10:44 | 000,065,032 | ---- | C] (Microsoft Corporation)
 X3DAudio1_4.dll -> C:\Windows\SysNative\X3DAudio1_4.dll -> [2012/11/22 16:10:44 | 000,028,168 | ---- | C] (Microsoft Corporation)
 X3DAudio1_4.dll -> C:\Windows\SysWow64\X3DAudio1_4.dll -> [2012/11/22 16:10:44 | 000,025,608 | ---- | C] (Microsoft Corporation)
 D3DCompiler_38.dll -> C:\Windows\SysNative\D3DCompiler_38.dll -> [2012/11/22 16:10:43 | 001,941,528 | ---- | C] (Microsoft Corporation)
 D3DCompiler_38.dll -> C:\Windows\SysWow64\D3DCompiler_38.dll -> [2012/11/22 16:10:43 | 001,491,992 | ---- | C] (Microsoft Corporation)
 d3dx10_38.dll -> C:\Windows\SysNative\d3dx10_38.dll -> [2012/11/22 16:10:43 | 000,540,688 | ---- | C] (Microsoft Corporation)
 d3dx10_38.dll -> C:\Windows\SysWow64\d3dx10_38.dll -> [2012/11/22 16:10:43 | 000,467,984 | ---- | C] (Microsoft Corporation)
 D3DX9_38.dll -> C:\Windows\SysNative\D3DX9_38.dll -> [2012/11/22 16:10:42 | 004,991,496 | ---- | C] (Microsoft Corporation)
 D3DX9_38.dll -> C:\Windows\SysWow64\D3DX9_38.dll -> [2012/11/22 16:10:42 | 003,850,760 | ---- | C] (Microsoft Corporation)
 XAudio2_0.dll -> C:\Windows\SysNative\XAudio2_0.dll -> [2012/11/22 16:10:42 | 000,489,480 | ---- | C] (Microsoft Corporation)
 XAudio2_0.dll -> C:\Windows\SysWow64\XAudio2_0.dll -> [2012/11/22 16:10:42 | 000,479,752 | ---- | C] (Microsoft Corporation)
 xactengine3_0.dll -> C:\Windows\SysWow64\xactengine3_0.dll -> [2012/11/22 16:10:42 | 000,238,088 | ---- | C] (Microsoft Corporation)
 xactengine3_0.dll -> C:\Windows\SysNative\xactengine3_0.dll -> [2012/11/22 16:10:42 | 000,177,672 | ---- | C] (Microsoft Corporation)
 D3DX9_37.dll -> C:\Windows\SysNative\D3DX9_37.dll -> [2012/11/22 16:10:41 | 004,910,088 | ---- | C] (Microsoft Corporation)
 D3DX9_37.dll -> C:\Windows\SysWow64\D3DX9_37.dll -> [2012/11/22 16:10:41 | 003,786,760 | ---- | C] (Microsoft Corporation)
 D3DCompiler_37.dll -> C:\Windows\SysNative\D3DCompiler_37.dll -> [2012/11/22 16:10:41 | 001,860,120 | ---- | C] (Microsoft Corporation)
 D3DCompiler_37.dll -> C:\Windows\SysWow64\D3DCompiler_37.dll -> [2012/11/22 16:10:41 | 001,420,824 | ---- | C] (Microsoft Corporation)
 d3dx10_37.dll -> C:\Windows\SysNative\d3dx10_37.dll -> [2012/11/22 16:10:41 | 000,529,424 | ---- | C] (Microsoft Corporation)
 d3dx10_37.dll -> C:\Windows\SysWow64\d3dx10_37.dll -> [2012/11/22 16:10:41 | 000,462,864 | ---- | C] (Microsoft Corporation)
 X3DAudio1_3.dll -> C:\Windows\SysNative\X3DAudio1_3.dll -> [2012/11/22 16:10:41 | 000,028,168 | ---- | C] (Microsoft Corporation)
 X3DAudio1_3.dll -> C:\Windows\SysWow64\X3DAudio1_3.dll -> [2012/11/22 16:10:41 | 000,025,608 | ---- | C] (Microsoft Corporation)
 xactengine2_10.dll -> C:\Windows\SysNative\xactengine2_10.dll -> [2012/11/22 16:10:40 | 000,411,656 | ---- | C] (Microsoft Corporation)
 xactengine2_10.dll -> C:\Windows\SysWow64\xactengine2_10.dll -> [2012/11/22 16:10:40 | 000,267,272 | ---- | C] (Microsoft Corporation)
 D3DCompiler_36.dll -> C:\Windows\SysNative\D3DCompiler_36.dll -> [2012/11/22 16:10:39 | 002,006,552 | ---- | C] (Microsoft Corporation)
 D3DCompiler_36.dll -> C:\Windows\SysWow64\D3DCompiler_36.dll -> [2012/11/22 16:10:39 | 001,374,232 | ---- | C] (Microsoft Corporation)
 d3dx10_36.dll -> C:\Windows\SysNative\d3dx10_36.dll -> [2012/11/22 16:10:39 | 000,508,264 | ---- | C] (Microsoft Corporation)
 d3dx10_36.dll -> C:\Windows\SysWow64\d3dx10_36.dll -> [2012/11/22 16:10:39 | 000,444,776 | ---- | C] (Microsoft Corporation)
 d3dx9_36.dll -> C:\Windows\SysNative\d3dx9_36.dll -> [2012/11/22 16:10:38 | 005,081,608 | ---- | C] (Microsoft Corporation)
 d3dx9_36.dll -> C:\Windows\SysWow64\d3dx9_36.dll -> [2012/11/22 16:10:38 | 003,734,536 | ---- | C] (Microsoft Corporation)
 xactengine2_9.dll -> C:\Windows\SysNative\xactengine2_9.dll -> [2012/11/22 16:10:38 | 000,411,496 | ---- | C] (Microsoft Corporation)
 xactengine2_9.dll -> C:\Windows\SysWow64\xactengine2_9.dll -> [2012/11/22 16:10:38 | 000,267,112 | ---- | C] (Microsoft Corporation)
 D3DCompiler_35.dll -> C:\Windows\SysNative\D3DCompiler_35.dll -> [2012/11/22 16:10:37 | 001,985,904 | ---- | C] (Microsoft Corporation)
 D3DCompiler_35.dll -> C:\Windows\SysWow64\D3DCompiler_35.dll -> [2012/11/22 16:10:37 | 001,358,192 | ---- | C] (Microsoft Corporation)
 d3dx10_35.dll -> C:\Windows\SysNative\d3dx10_35.dll -> [2012/11/22 16:10:37 | 000,508,264 | ---- | C] (Microsoft Corporation)
 d3dx10_35.dll -> C:\Windows\SysWow64\d3dx10_35.dll -> [2012/11/22 16:10:37 | 000,444,776 | ---- | C] (Microsoft Corporation)
 d3dx9_35.dll -> C:\Windows\SysNative\d3dx9_35.dll -> [2012/11/22 16:10:36 | 005,073,256 | ---- | C] (Microsoft Corporation)
 d3dx9_35.dll -> C:\Windows\SysWow64\d3dx9_35.dll -> [2012/11/22 16:10:36 | 003,727,720 | ---- | C] (Microsoft Corporation)
 D3DCompiler_34.dll -> C:\Windows\SysNative\D3DCompiler_34.dll -> [2012/11/22 16:10:35 | 001,401,200 | ---- | C] (Microsoft Corporation)
 D3DCompiler_34.dll -> C:\Windows\SysWow64\D3DCompiler_34.dll -> [2012/11/22 16:10:35 | 001,124,720 | ---- | C] (Microsoft Corporation)
 d3dx10_34.dll -> C:\Windows\SysNative\d3dx10_34.dll -> [2012/11/22 16:10:35 | 000,506,728 | ---- | C] (Microsoft Corporation)
 d3dx10_34.dll -> C:\Windows\SysWow64\d3dx10_34.dll -> [2012/11/22 16:10:35 | 000,443,752 | ---- | C] (Microsoft Corporation)
 xactengine2_8.dll -> C:\Windows\SysNative\xactengine2_8.dll -> [2012/11/22 16:10:35 | 000,409,960 | ---- | C] (Microsoft Corporation)
 xactengine2_8.dll -> C:\Windows\SysWow64\xactengine2_8.dll -> [2012/11/22 16:10:35 | 000,266,088 | ---- | C] (Microsoft Corporation)
 X3DAudio1_2.dll -> C:\Windows\SysNative\X3DAudio1_2.dll -> [2012/11/22 16:10:35 | 000,021,000 | ---- | C] (Microsoft Corporation)
 X3DAudio1_2.dll -> C:\Windows\SysWow64\X3DAudio1_2.dll -> [2012/11/22 16:10:35 | 000,017,928 | ---- | C] (Microsoft Corporation)
 d3dx9_34.dll -> C:\Windows\SysNative\d3dx9_34.dll -> [2012/11/22 16:10:34 | 004,496,232 | ---- | C] (Microsoft Corporation)
 d3dx9_34.dll -> C:\Windows\SysWow64\d3dx9_34.dll -> [2012/11/22 16:10:34 | 003,497,832 | ---- | C] (Microsoft Corporation)
 xactengine2_7.dll -> C:\Windows\SysNative\xactengine2_7.dll -> [2012/11/22 16:10:34 | 000,403,304 | ---- | C] (Microsoft Corporation)
 xactengine2_7.dll -> C:\Windows\SysWow64\xactengine2_7.dll -> [2012/11/22 16:10:34 | 000,261,480 | ---- | C] (Microsoft Corporation)
 xinput1_3.dll -> C:\Windows\SysNative\xinput1_3.dll -> [2012/11/22 16:10:34 | 000,107,368 | ---- | C] (Microsoft Corporation)
 D3DCompiler_33.dll -> C:\Windows\SysNative\D3DCompiler_33.dll -> [2012/11/22 16:10:33 | 001,400,176 | ---- | C] (Microsoft Corporation)
 D3DCompiler_33.dll -> C:\Windows\SysWow64\D3DCompiler_33.dll -> [2012/11/22 16:10:33 | 001,123,696 | ---- | C] (Microsoft Corporation)
 d3dx10_33.dll -> C:\Windows\SysNative\d3dx10_33.dll -> [2012/11/22 16:10:33 | 000,506,728 | ---- | C] (Microsoft Corporation)
 d3dx10_33.dll -> C:\Windows\SysWow64\d3dx10_33.dll -> [2012/11/22 16:10:33 | 000,443,752 | ---- | C] (Microsoft Corporation)
 d3dx9_33.dll -> C:\Windows\SysNative\d3dx9_33.dll -> [2012/11/22 16:10:32 | 004,494,184 | ---- | C] (Microsoft Corporation)
 d3dx9_33.dll -> C:\Windows\SysWow64\d3dx9_33.dll -> [2012/11/22 16:10:32 | 003,495,784 | ---- | C] (Microsoft Corporation)
 d3dx10.dll -> C:\Windows\SysNative\d3dx10.dll -> [2012/11/22 16:10:32 | 000,469,264 | ---- | C] (Microsoft Corporation)
 d3dx10.dll -> C:\Windows\SysWow64\d3dx10.dll -> [2012/11/22 16:10:32 | 000,440,080 | ---- | C] (Microsoft Corporation)
 xactengine2_6.dll -> C:\Windows\SysNative\xactengine2_6.dll -> [2012/11/22 16:10:32 | 000,393,576 | ---- | C] (Microsoft Corporation)
 xactengine2_5.dll -> C:\Windows\SysNative\xactengine2_5.dll -> [2012/11/22 16:10:32 | 000,390,424 | ---- | C] (Microsoft Corporation)
 xactengine2_6.dll -> C:\Windows\SysWow64\xactengine2_6.dll -> [2012/11/22 16:10:32 | 000,255,848 | ---- | C] (Microsoft Corporation)
 xactengine2_5.dll -> C:\Windows\SysWow64\xactengine2_5.dll -> [2012/11/22 16:10:32 | 000,251,672 | ---- | C] (Microsoft Corporation)
 d3dx9_32.dll -> C:\Windows\SysNative\d3dx9_32.dll -> [2012/11/22 16:10:31 | 004,398,360 | ---- | C] (Microsoft Corporation)
 d3dx9_32.dll -> C:\Windows\SysWow64\d3dx9_32.dll -> [2012/11/22 16:10:31 | 003,426,072 | ---- | C] (Microsoft Corporation)
 d3dx9_31.dll -> C:\Windows\SysNative\d3dx9_31.dll -> [2012/11/22 16:10:30 | 003,977,496 | ---- | C] (Microsoft Corporation)
 d3dx9_31.dll -> C:\Windows\SysWow64\d3dx9_31.dll -> [2012/11/22 16:10:30 | 002,414,360 | ---- | C] (Microsoft Corporation)
 xactengine2_4.dll -> C:\Windows\SysNative\xactengine2_4.dll -> [2012/11/22 16:10:30 | 000,364,824 | ---- | C] (Microsoft Corporation)
 xactengine2_4.dll -> C:\Windows\SysWow64\xactengine2_4.dll -> [2012/11/22 16:10:30 | 000,237,848 | ---- | C] (Microsoft Corporation)
 x3daudio1_1.dll -> C:\Windows\SysNative\x3daudio1_1.dll -> [2012/11/22 16:10:30 | 000,017,688 | ---- | C] (Microsoft Corporation)
 x3daudio1_1.dll -> C:\Windows\SysWow64\x3daudio1_1.dll -> [2012/11/22 16:10:30 | 000,015,128 | ---- | C] (Microsoft Corporation)
 xactengine2_3.dll -> C:\Windows\SysNative\xactengine2_3.dll -> [2012/11/22 16:10:29 | 000,363,288 | ---- | C] (Microsoft Corporation)
 xactengine2_2.dll -> C:\Windows\SysNative\xactengine2_2.dll -> [2012/11/22 16:10:29 | 000,354,072 | ---- | C] (Microsoft Corporation)
 xactengine2_3.dll -> C:\Windows\SysWow64\xactengine2_3.dll -> [2012/11/22 16:10:29 | 000,236,824 | ---- | C] (Microsoft Corporation)
 xactengine2_2.dll -> C:\Windows\SysWow64\xactengine2_2.dll -> [2012/11/22 16:10:29 | 000,230,168 | ---- | C] (Microsoft Corporation)
 xinput1_2.dll -> C:\Windows\SysNative\xinput1_2.dll -> [2012/11/22 16:10:29 | 000,083,736 | ---- | C] (Microsoft Corporation)
 xinput1_2.dll -> C:\Windows\SysWow64\xinput1_2.dll -> [2012/11/22 16:10:29 | 000,062,744 | ---- | C] (Microsoft Corporation)
 xactengine2_1.dll -> C:\Windows\SysNative\xactengine2_1.dll -> [2012/11/22 16:10:28 | 000,352,464 | ---- | C] (Microsoft Corporation)
 xactengine2_1.dll -> C:\Windows\SysWow64\xactengine2_1.dll -> [2012/11/22 16:10:28 | 000,229,584 | ---- | C] (Microsoft Corporation)
 xinput1_1.dll -> C:\Windows\SysNative\xinput1_1.dll -> [2012/11/22 16:10:28 | 000,083,664 | ---- | C] (Microsoft Corporation)
 xinput1_1.dll -> C:\Windows\SysWow64\xinput1_1.dll -> [2012/11/22 16:10:28 | 000,062,672 | ---- | C] (Microsoft Corporation)
 d3dx9_30.dll -> C:\Windows\SysNative\d3dx9_30.dll -> [2012/11/22 16:10:22 | 003,927,248 | ---- | C] (Microsoft Corporation)
 d3dx9_30.dll -> C:\Windows\SysWow64\d3dx9_30.dll -> [2012/11/22 16:10:22 | 002,388,176 | ---- | C] (Microsoft Corporation)
 xactengine2_0.dll -> C:\Windows\SysNative\xactengine2_0.dll -> [2012/11/22 16:10:21 | 000,355,536 | ---- | C] (Microsoft Corporation)
 xactengine2_0.dll -> C:\Windows\SysWow64\xactengine2_0.dll -> [2012/11/22 16:10:21 | 000,230,096 | ---- | C] (Microsoft Corporation)
 x3daudio1_0.dll -> C:\Windows\SysNative\x3daudio1_0.dll -> [2012/11/22 16:10:21 | 000,016,592 | ---- | C] (Microsoft Corporation)
 x3daudio1_0.dll -> C:\Windows\SysWow64\x3daudio1_0.dll -> [2012/11/22 16:10:21 | 000,014,032 | ---- | C] (Microsoft Corporation)
 d3dx9_29.dll -> C:\Windows\SysNative\d3dx9_29.dll -> [2012/11/22 16:10:20 | 003,830,992 | ---- | C] (Microsoft Corporation)
 d3dx9_29.dll -> C:\Windows\SysWow64\d3dx9_29.dll -> [2012/11/22 16:10:20 | 002,332,368 | ---- | C] (Microsoft Corporation)
 d3dx9_28.dll -> C:\Windows\SysNative\d3dx9_28.dll -> [2012/11/22 16:10:19 | 003,815,120 | ---- | C] (Microsoft Corporation)
 d3dx9_28.dll -> C:\Windows\SysWow64\d3dx9_28.dll -> [2012/11/22 16:10:19 | 002,323,664 | ---- | C] (Microsoft Corporation)
 d3dx9_27.dll -> C:\Windows\SysNative\d3dx9_27.dll -> [2012/11/22 16:10:18 | 003,807,440 | ---- | C] (Microsoft Corporation)
 d3dx9_27.dll -> C:\Windows\SysWow64\d3dx9_27.dll -> [2012/11/22 16:10:18 | 002,319,568 | ---- | C] (Microsoft Corporation)
 d3dx9_25.dll -> C:\Windows\SysNative\d3dx9_25.dll -> [2012/11/22 16:10:17 | 003,823,312 | ---- | C] (Microsoft Corporation)
 d3dx9_26.dll -> C:\Windows\SysNative\d3dx9_26.dll -> [2012/11/22 16:10:17 | 003,767,504 | ---- | C] (Microsoft Corporation)
 d3dx9_25.dll -> C:\Windows\SysWow64\d3dx9_25.dll -> [2012/11/22 16:10:17 | 002,337,488 | ---- | C] (Microsoft Corporation)
 d3dx9_26.dll -> C:\Windows\SysWow64\d3dx9_26.dll -> [2012/11/22 16:10:17 | 002,297,552 | ---- | C] (Microsoft Corporation)
 d3dx9_24.dll -> C:\Windows\SysNative\d3dx9_24.dll -> [2012/11/22 16:10:16 | 003,544,272 | ---- | C] (Microsoft Corporation)
 d3dx9_24.dll -> C:\Windows\SysWow64\d3dx9_24.dll -> [2012/11/22 16:10:16 | 002,222,800 | ---- | C] (Microsoft Corporation)
 Codemasters -> C:\ProgramData\Codemasters -> [2012/11/21 23:30:51 | 000,000,000 | ---D | C]
 My Games -> C:\Users\Kyle\Documents\My Games -> [2012/11/21 23:30:50 | 000,000,000 | ---D | C]
 Blue Ripple Sound -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound -> [2012/11/21 23:30:37 | 000,000,000 | ---D | C]
 mkl_blueripple.dll -> C:\Windows\SysWow64\mkl_blueripple.dll -> [2012/11/21 23:30:36 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited)
 rapture3d_oal.dll -> C:\Windows\SysWow64\rapture3d_oal.dll -> [2012/11/21 23:30:36 | 001,306,624 | ---- | C] (Blue Ripple Sound Limited)
 BRS -> C:\Program Files (x86)\BRS -> [2012/11/21 23:30:35 | 000,000,000 | ---D | C]
 wrap_oal.dll -> C:\Windows\SysNative\wrap_oal.dll -> [2012/11/21 23:30:34 | 000,466,456 | ---- | C] (Creative Labs)
 wrap_oal.dll -> C:\Windows\SysWow64\wrap_oal.dll -> [2012/11/21 23:30:33 | 000,444,952 | ---- | C] (Creative Labs)
 OpenAL32.dll -> C:\Windows\SysNative\OpenAL32.dll -> [2012/11/21 23:30:33 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
 OpenAL32.dll -> C:\Windows\SysWow64\OpenAL32.dll -> [2012/11/21 23:30:33 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
 OpenAL -> C:\Program Files (x86)\OpenAL -> [2012/11/21 23:30:33 | 000,000,000 | ---D | C]
 XAudio2_7.dll -> C:\Windows\SysWow64\XAudio2_7.dll -> [2012/11/21 23:30:32 | 000,527,192 | ---- | C] (Microsoft Corporation)
 xactengine3_7.dll -> C:\Windows\SysWow64\xactengine3_7.dll -> [2012/11/21 23:30:32 | 000,239,960 | ---- | C] (Microsoft Corporation)
 XAPOFX1_5.dll -> C:\Windows\SysWow64\XAPOFX1_5.dll -> [2012/11/21 23:30:32 | 000,074,072 | ---- | C] (Microsoft Corporation)
 D3DCompiler_43.dll -> C:\Windows\SysWow64\D3DCompiler_43.dll -> [2012/11/21 23:30:31 | 002,106,216 | ---- | C] (Microsoft Corporation)
 d3dcsx_43.dll -> C:\Windows\SysWow64\d3dcsx_43.dll -> [2012/11/21 23:30:31 | 001,868,128 | ---- | C] (Microsoft Corporation)
 d3dx11_43.dll -> C:\Windows\SysWow64\d3dx11_43.dll -> [2012/11/21 23:30:31 | 000,248,672 | ---- | C] (Microsoft Corporation)
 D3DX9_43.dll -> C:\Windows\SysWow64\D3DX9_43.dll -> [2012/11/21 23:30:30 | 001,998,168 | ---- | C] (Microsoft Corporation)
 d3dx10_43.dll -> C:\Windows\SysWow64\d3dx10_43.dll -> [2012/11/21 23:30:30 | 000,470,880 | ---- | C] (Microsoft Corporation)
 xinput1_3.dll -> C:\Windows\SysWow64\xinput1_3.dll -> [2012/11/21 23:30:29 | 000,081,768 | ---- | C] (Microsoft Corporation)
 Diagnostics -> C:\Users\Kyle\AppData\Local\Diagnostics -> [2012/11/21 23:10:11 | 000,000,000 | ---D | C]
 RELOADED -> C:\ProgramData\RELOADED -> [2012/11/21 22:56:42 | 000,000,000 | ---D | C]
 Dead Island -> C:\Program Files (x86)\Dead Island -> [2012/11/21 22:35:28 | 000,000,000 | ---D | C]
 World of Warcraft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft -> [2012/11/18 11:55:10 | 000,000,000 | ---D | C]
 World of Warcraft -> C:\Program Files (x86)\World of Warcraft -> [2012/11/18 11:55:10 | 000,000,000 | ---D | C]
 TS3Client -> C:\Users\Kyle\AppData\Roaming\TS3Client -> [2012/11/17 14:28:56 | 000,000,000 | ---D | C]
 TeamSpeak 3 Client -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client -> [2012/11/17 14:24:43 | 000,000,000 | ---D | C]
 TeamSpeak 3 Client -> C:\Program Files (x86)\TeamSpeak 3 Client -> [2012/11/17 14:24:43 | 000,000,000 | ---D | C]
 Sun -> C:\Windows\Sun -> [2012/11/17 13:32:20 | 000,000,000 | ---D | C]
 SwiftKit -> C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SwiftKit -> [2012/11/17 13:27:35 | 000,000,000 | ---D | C]
 RICHTX32.OCX -> C:\Windows\SysWow64\RICHTX32.OCX -> [2012/11/17 13:27:29 | 000,203,976 | ---- | C] (Microsoft Corporation)
 msinet.ocx -> C:\Windows\SysWow64\msinet.ocx -> [2012/11/17 13:27:29 | 000,117,507 | ---- | C] (Microsoft Corporation)
 MSWINSCK.OCX -> C:\Windows\SysWow64\MSWINSCK.OCX -> [2012/11/17 13:27:29 | 000,109,248 | ---- | C] (Microsoft Corporation)
 SwiftKit -> C:\ProgramData\SwiftKit -> [2012/11/17 13:27:29 | 000,000,000 | ---D | C]
 SwiftKit -> C:\Program Files (x86)\SwiftKit -> [2012/11/17 13:27:27 | 000,000,000 | ---D | C]
 synceng.dll -> C:\Windows\SysNative\synceng.dll -> [2012/11/16 01:13:51 | 000,095,744 | ---- | C] (Microsoft Corporation)
 synceng.dll -> C:\Windows\SysWow64\synceng.dll -> [2012/11/16 01:13:51 | 000,078,336 | ---- | C] (Microsoft Corporation)
 Create and edit Wired policies -> C:\Users\Kyle\AppData\Local\Create and edit Wired policies -> [2012/10/27 01:51:53 | 000,000,000 | ---D | C]
 OpenOffice.org -> C:\Users\Kyle\AppData\Roaming\OpenOffice.org -> [2012/10/23 14:44:26 | 000,000,000 | ---D | C]
 OpenOffice.org 3.4.1 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 -> [2012/10/23 14:11:22 | 000,000,000 | --SD | C]
 Temp -> C:\Temp -> [2012/10/19 14:12:50 | 000,000,000 | ---D | C]
 Wizards of the Coast -> C:\Users\Kyle\AppData\Roaming\Wizards of the Coast -> [2012/10/19 14:11:03 | 000,000,000 | ---D | C]
 Wizards of the Coast -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast -> [2012/10/19 14:10:54 | 000,000,000 | ---D | C]
 Wizards of the Coast -> C:\Program Files (x86)\Wizards of the Coast -> [2012/10/19 14:10:54 | 000,000,000 | ---D | C]
 Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2012/10/19 14:06:52 | 000,000,000 | ---D | C]
 1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> 
 
[Files/Folders - Modified Within 90 Days]
 OTS.exe -> C:\Users\Kyle\Desktop\OTS.exe -> [2013/01/08 13:21:31 | 000,646,656 | ---- | M] (OldTimer Tools)
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2013/01/08 13:02:44 | 000,020,832 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2013/01/08 13:02:44 | 000,020,832 | -H-- | M] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/01/08 13:02:00 | 000,000,830 | ---- | M] ()
 hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2013/01/08 09:23:20 | 000,000,027 | ---- | M] ()
 ComboFix.exe -> C:\Users\Kyle\Desktop\ComboFix.exe -> [2013/01/08 09:11:13 | 005,019,950 | R--- | M] (Swearware)
 WPRO_41_2001.sys -> C:\Windows\SysNative\drivers\WPRO_41_2001.sys -> [2013/01/08 09:02:42 | 000,034,752 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2013/01/08 09:02:40 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2013/01/08 09:02:36 | 2075,791,359 | -HS- | M] ()
 dds.scr -> C:\Users\Kyle\Desktop\dds.scr -> [2013/01/07 16:22:18 | 000,688,992 | R--- | M] (Swearware)
 HijackThis.exe -> C:\Users\Kyle\Desktop\HijackThis.exe -> [2013/01/07 16:17:24 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2013/01/07 16:04:30 | 000,001,109 | ---- | M] ()
 gmer.exe -> C:\Users\Kyle\Desktop\gmer.exe -> [2013/01/07 08:02:04 | 000,365,568 | ---- | M] ()
 Dead Island.url -> C:\Users\Kyle\Desktop\Dead Island.url -> [2012/12/21 15:08:10 | 000,000,221 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2012/12/21 11:36:15 | 000,293,992 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2012/12/17 22:48:44 | 000,726,316 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2012/12/17 22:48:44 | 000,623,940 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2012/12/17 22:48:44 | 000,106,316 | ---- | M] ()
 atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2012/12/16 09:11:22 | 000,046,080 | ---- | M] (Adobe Systems)
 atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2012/12/16 06:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated)
 atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated)
 atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems)
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation)
 Ventrilo.lnk -> C:\Users\Public\Desktop\Ventrilo.lnk -> [2012/12/10 20:58:53 | 000,000,871 | ---- | M] ()
 {789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> [2012/12/10 20:58:53 | 000,000,268 | ---- | M] ()
 MumbleAutomaticCertificateBackup.p12 -> C:\Users\Kyle\Documents\MumbleAutomaticCertificateBackup.p12 -> [2012/12/09 16:44:52 | 000,002,378 | ---- | M] ()
 Mumble.lnk -> C:\Users\Public\Desktop\Mumble.lnk -> [2012/12/09 16:43:45 | 000,001,014 | ---- | M] ()
 PlanetSide 2.url -> C:\Users\Kyle\Desktop\PlanetSide 2.url -> [2012/11/22 12:48:17 | 000,000,222 | ---- | M] ()
 wrap_oal.dll -> C:\Windows\SysNative\wrap_oal.dll -> [2012/11/21 23:30:34 | 000,466,456 | ---- | M] (Creative Labs)
 wrap_oal.dll -> C:\Windows\SysWow64\wrap_oal.dll -> [2012/11/21 23:30:33 | 000,444,952 | ---- | M] (Creative Labs)
 OpenAL32.dll -> C:\Windows\SysNative\OpenAL32.dll -> [2012/11/21 23:30:33 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
 OpenAL32.dll -> C:\Windows\SysWow64\OpenAL32.dll -> [2012/11/21 23:30:33 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
 DiRT Showdown.url -> C:\Users\Kyle\Desktop\DiRT Showdown.url -> [2012/11/21 23:25:18 | 000,000,222 | ---- | M] ()
 projerct.odt -> C:\Users\Kyle\Documents\projerct.odt -> [2012/11/19 02:10:10 | 000,008,861 | ---- | M] ()
 World of Warcraft.lnk -> C:\Users\Public\Desktop\World of Warcraft.lnk -> [2012/11/18 11:55:13 | 000,001,287 | ---- | M] ()
 random.dat -> C:\Users\Kyle\random.dat -> [2012/11/17 14:41:28 | 000,000,024 | ---- | M] ()
 TeamSpeak 3 Client.lnk -> C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk -> [2012/11/17 14:24:43 | 000,001,162 | ---- | M] ()
 jagex_cl_runescape_LIVE.dat -> C:\Users\Kyle\jagex_cl_runescape_LIVE.dat -> [2012/11/17 13:32:32 | 000,000,043 | ---- | M] ()
 SwiftKit.lnk -> C:\Users\Kyle\Desktop\SwiftKit.lnk -> [2012/11/17 13:27:35 | 000,001,007 | ---- | M] ()
 MRT.INI -> C:\Windows\SysNative\MRT.INI -> [2012/11/16 03:01:24 | 000,000,127 | ---- | M] ()
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2012/11/13 22:11:44 | 002,312,704 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2012/11/13 22:02:49 | 001,494,528 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2012/11/13 22:02:04 | 000,237,056 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2012/11/13 21:58:36 | 000,816,640 | ---- | M] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2012/11/13 21:57:46 | 000,599,040 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2012/11/13 21:57:35 | 000,173,056 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2012/11/13 21:55:26 | 000,729,088 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2012/11/13 21:53:22 | 000,096,768 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2012/11/13 21:46:25 | 000,248,320 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2012/11/13 17:58:15 | 001,427,968 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2012/11/13 17:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2012/11/13 17:49:25 | 000,142,848 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2012/11/13 17:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2012/11/13 17:45:01 | 000,073,216 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2012/11/13 17:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation)
 dpnet.dll -> C:\Windows\SysNative\dpnet.dll -> [2012/11/01 21:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation)
 dpnet.dll -> C:\Windows\SysWow64\dpnet.dll -> [2012/11/01 21:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation)
 {8F9AE9F0-FF62-B37B-2E9A-BB02AA3D785B}.dat -> C:\Users\Kyle\AppData\Local\{8F9AE9F0-FF62-B37B-2E9A-BB02AA3D785B}.dat -> [2012/10/27 01:51:53 | 000,079,358 | ---- | M] ()
 hinduism.odt -> C:\Users\Kyle\Documents\hinduism.odt -> [2012/10/23 21:08:02 | 000,021,075 | ---- | M] ()
 OpenOffice.org 3.4.1.lnk -> C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk -> [2012/10/23 14:44:30 | 000,001,235 | ---- | M] ()
 OpenOffice.org 3.4.1.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk -> [2012/10/23 14:11:22 | 000,001,168 | ---- | M] ()
 Magic Online.lnk -> C:\Users\Public\Desktop\Magic Online.lnk -> [2012/10/19 14:13:23 | 000,002,171 | ---- | M] ()
 1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> 
 
[Files - No Company Name]
 PEV.exe -> C:\Windows\PEV.exe -> [2013/01/08 09:18:44 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2013/01/08 09:18:44 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2013/01/08 09:18:44 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2013/01/08 09:18:44 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2013/01/08 09:18:44 | 000,068,096 | ---- | C] ()
 gmer.exe -> C:\Users\Kyle\Desktop\gmer.exe -> [2013/01/07 16:30:20 | 000,365,568 | ---- | C] ()
 Dead Island.url -> C:\Users\Kyle\Desktop\Dead Island.url -> [2012/12/21 15:08:10 | 000,000,221 | ---- | C] ()
 Ventrilo.lnk -> C:\Users\Public\Desktop\Ventrilo.lnk -> [2012/12/10 20:58:53 | 000,000,871 | ---- | C] ()
 {789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> [2012/12/10 20:58:50 | 000,000,268 | ---- | C] ()
 MumbleAutomaticCertificateBackup.p12 -> C:\Users\Kyle\Documents\MumbleAutomaticCertificateBackup.p12 -> [2012/12/09 16:44:52 | 000,002,378 | ---- | C] ()
 Mumble.lnk -> C:\Users\Public\Desktop\Mumble.lnk -> [2012/12/09 16:43:45 | 000,001,014 | ---- | C] ()
 PlanetSide 2.url -> C:\Users\Kyle\Desktop\PlanetSide 2.url -> [2012/11/22 12:48:17 | 000,000,222 | ---- | C] ()
 projerct.odt -> C:\Users\Kyle\Documents\projerct.odt -> [2012/11/19 02:10:08 | 000,008,861 | ---- | C] ()
 World of Warcraft.lnk -> C:\Users\Public\Desktop\World of Warcraft.lnk -> [2012/11/18 11:55:10 | 000,001,287 | ---- | C] ()
 TeamSpeak 3 Client.lnk -> C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk -> [2012/11/17 14:24:43 | 000,001,162 | ---- | C] ()
 SwiftKit.lnk -> C:\Users\Kyle\Desktop\SwiftKit.lnk -> [2012/11/17 13:27:35 | 000,001,007 | ---- | C] ()
 MRT.INI -> C:\Windows\SysNative\MRT.INI -> [2012/11/16 03:01:24 | 000,000,127 | ---- | C] ()
 {8F9AE9F0-FF62-B37B-2E9A-BB02AA3D785B}.dat -> C:\Users\Kyle\AppData\Local\{8F9AE9F0-FF62-B37B-2E9A-BB02AA3D785B}.dat -> [2012/10/27 01:51:53 | 000,079,358 | ---- | C] ()
 hinduism.odt -> C:\Users\Kyle\Documents\hinduism.odt -> [2012/10/23 21:07:57 | 000,021,075 | ---- | C] ()
 OpenOffice.org 3.4.1.lnk -> C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk -> [2012/10/23 14:44:30 | 000,001,235 | ---- | C] ()
 OpenOffice.org 3.4.1.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk -> [2012/10/23 14:11:22 | 000,001,168 | ---- | C] ()
 Magic Online.lnk -> C:\Users\Public\Desktop\Magic Online.lnk -> [2012/10/19 14:13:23 | 000,002,171 | ---- | C] ()
 ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2012/08/20 18:30:11 | 000,000,000 | ---- | C] ()
 ativvsvl.dat -> C:\Windows\SysWow64\ativvsvl.dat -> [2012/08/20 18:28:32 | 000,204,952 | ---- | C] ()
 ativvsva.dat -> C:\Windows\SysWow64\ativvsva.dat -> [2012/08/20 18:28:32 | 000,157,144 | ---- | C] ()
 atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2012/08/20 18:28:32 | 000,003,917 | ---- | C] ()
 ig7icd32.dll -> C:\Windows\SysWow64\ig7icd32.dll -> [2012/08/20 00:30:49 | 013,024,256 | ---- | C] ()
 igkrng700.bin -> C:\Windows\SysWow64\igkrng700.bin -> [2012/08/20 00:30:49 | 000,755,188 | ---- | C] ()
 igfcg700m.bin -> C:\Windows\SysWow64\igfcg700m.bin -> [2012/08/20 00:30:49 | 000,561,508 | ---- | C] ()
 igdde32.dll -> C:\Windows\SysWow64\igdde32.dll -> [2012/08/20 00:30:49 | 000,058,880 | ---- | C] ()
 kdbsdk32.dll -> C:\Windows\SysWow64\kdbsdk32.dll -> [2012/05/10 15:35:16 | 000,029,184 | ---- | C] ()
< End of report >
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer, when the "File download" pop-up comes up, press SAVE and choose desktop in the list of selections in that window & press save).
Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix & remember to re-enable it when it has finished.
Close any open browsers.
Then drag the CFScript.txt into the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.

This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

At the end it will pop up an alert & open your browser and ask you to send the zip file.

Please follow those instructions. We need to see the zip file before we can carry on with the fix.

If there is no pop-up alert or open browser, then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and, if needed, distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here, then press the browse button and navigate to & select the files on your computer. If there is more than 1 file, press the more attachments button for each extra file and browse and select etc., and when all the files are listed in the window press send to upload the files (do not post HJT logs there as they will not get dealt with).

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

or to
http://www.bleepingcomputer.com/submit-malware.php?channel=38
 


MrMurdstone

Thread Starter
Joined
Mar 7, 2012
Messages
55
Combofix.txt:

ComboFix 13-01-08.01 - Kyle 01/09/2013 14:24:15.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8101.6320 [GMT -8:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
Command switches used :: c:\users\Kyle\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kyle\AppData\Local\AMD\kwjorpbj.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-09 22:28 . 2013-01-09 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-09 22:07 . 2013-01-09 22:28 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2013-01-09 02:54 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 02:54 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 02:54 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 02:54 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 02:54 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 02:54 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 02:54 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 02:54 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 02:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 02:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 00:04 . 2013-01-08 00:04 -------- d-----w- c:\users\Kyle\AppData\Local\Programs
2012-12-21 07:29 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 07:29 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 07:29 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 07:29 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-12 22:24 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 04:59 . 2012-12-11 05:00 -------- d-----w- c:\users\Kyle\AppData\Roaming\Ventrilo
2012-12-11 04:58 . 2012-12-11 04:58 -------- d-----w- c:\program files (x86)\Ventrilo
2012-12-11 04:58 . 2012-12-11 04:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 22:28 . 2012-08-20 08:43 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2013-01-09 08:09 . 2012-08-21 05:01 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-15 00:49 . 2012-08-21 02:18 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-22 07:30 . 2012-11-22 07:30 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-11-22 07:30 . 2012-11-22 07:30 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-11-22 07:30 . 2012-11-22 07:30 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-11-22 07:30 . 2012-11-22 07:30 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-11-08 17:24 . 2012-12-02 12:42 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{780B870E-A573-4176-8A4A-BE14044705A4}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Kyle\AppData\Local\AMD ----
.
.
---- Directory of c:\users\Kyle\AppData\Local\SCE ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-03 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-7-26 2380752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-8-31 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-17 30336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-21 1255736]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-22 49760]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [2012-01-13 31016]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-12 239616]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-24 95760]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-01-09 34752]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 05:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-22 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-22 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\mqc4bwx7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ASRock InstantBoot_is1 - c:\program files (x86)\ASRock Utility\InstantBoot\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2013-01-09 14:32:10 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-09 22:32
ComboFix2.txt 2013-01-08 17:25
.
Pre-Run: 787,154,673,664 bytes free
Post-Run: 787,090,087,936 bytes free
.
- - End Of File - - 9949080E585C8B39D432B88FE699863C
Upload was successful
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
How is it now?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START, then RUN.
* Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop.

Please double-click OTS.exe to run it.

Press Clean-up & it will delete/uninstall all the tools we have used to fix your problems and all their backup folders, and then delete itself when you next reboot.
Then reboot.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
 