TR/ATRAPS.Gen2 and Google Redirects [Closed]


  • This topic is locked This topic is locked

#1
scottandrew10
New Member, 8 posts

I am having a lot of trouble with my internet searches. Almost every other time I do a Google search and click any search result I get a random redirect.

I tried running Malwarebytes but the same problem keeps coming back.

I have installed Avira as well and I am constantly getting warnings every minute or so saying it found the TR/ATRAPS.Gen2.

It also finds TR/Agent.27648.76 and W32/Patched.UA a few times as well.

Please help.

Thanks in advance.
scottandrew10

OTL.Txt
OTL logfile created on: 6/22/2012 9:49:18 PM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\ScottAndrew\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.65 Gb Available Physical Memory | 71.40% Memory free
15.82 Gb Paging File | 13.41 Gb Available in Paging File | 84.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 44.21 Gb Total Space | 3.33 Gb Free Space | 7.54% Space Free | Partition Type: NTFS
Drive E: | 67.99 Gb Total Space | 11.35 Gb Free Space | 16.69% Space Free | Partition Type: HFS

Computer Name: SCOTTANDREW-PC | User Name: ScottAndrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/22 21:48:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ScottAndrew\Desktop\OTL.exe
PRC - [2012/06/14 17:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/10 04:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/06/13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/06/13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 17:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/28 21:35:05 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/23 02:07:39 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/06/29 07:49:38 | 000,111,488 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV:64bit: - [2011/06/29 07:49:36 | 000,224,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2011/06/13 18:34:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/03 05:00:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/14 17:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/06/13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/31 08:57:31 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/01/31 08:57:30 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/11/29 21:09:21 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/29 07:49:44 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2011/06/29 07:49:44 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2011/06/29 07:49:42 | 000,022,872 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2011/06/29 07:49:42 | 000,017,752 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2011/06/13 18:37:15 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2011/06/13 18:37:12 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter)
DRV:64bit: - [2011/06/13 18:37:07 | 004,798,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/06/13 18:37:06 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011/06/13 18:34:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/13 18:34:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/26 21:13:25 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2011/03/25 03:32:04 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV:64bit: - [2011/03/25 03:31:56 | 000,038,912 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2011/03/25 03:31:56 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2011/03/25 03:31:33 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV:64bit: - [2011/02/14 08:19:30 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3198785
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 74 96 FD 20 F5 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/22 20:18:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/23 01:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Extensions
[2012/06/22 19:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\extensions
[2012/06/04 00:47:22 | 000,000,000 | ---D | M] (Manilla) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\extensions\{B9A5DFD3-99A9-465d-87B0-A6922A7AFCD7}
[2012/05/22 21:44:37 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\extensions\[email protected]
[2012/06/21 22:17:26 | 000,000,917 | ---- | M] () -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\searchplugins\conduit.xml
[2012/06/22 20:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/15 23:13:12 | 000,019,486 | ---- | M] () (No name found) -- C:\USERS\SCOTTANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B8Z6EFTV.DEFAULT\EXTENSIONS\[email protected]
[2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/15 19:10:15 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/22 20:26:42 | 000,000,794 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A1AAAE0-4A88-4416-95E8-D27F1229876C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE63949E-13F7-410B-A926-2F3273D2B934}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9d9a8b89-fd40-11e0-9203-c82a143e9bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9a8b89-fd40-11e0-9203-c82a143e9bb2}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 21:48:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ScottAndrew\Desktop\OTL.exe
[2012/06/22 21:30:34 | 004,565,264 | R--- | C] (Swearware) -- C:\Users\ScottAndrew\Desktop\ComboFix.exe
[2012/06/22 21:05:37 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Avira
[2012/06/22 21:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/22 21:00:23 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/06/22 21:00:23 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/06/22 21:00:23 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/06/22 21:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/22 21:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/22 20:32:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 20:32:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 20:32:33 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/22 20:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/21 22:38:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/06/21 22:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/06/21 22:16:14 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Local\Conduit
[2012/06/21 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/21 17:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/21 17:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/21 17:33:44 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Malwarebytes
[2012/06/21 17:33:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/21 17:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/21 17:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/21 17:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/19 22:12:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/17 13:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/11 00:40:38 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Desktop\cutting board
[2012/05/28 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Polar Engineering
[2012/05/28 21:31:38 | 000,145,448 | ---- | C] (SafeNet, Inc.) -- C:\Windows\SysNative\drivers\sentinel64.sys
[2012/05/28 21:31:35 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Documents\Downloaded Installations
[2012/05/28 21:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinWrap Basic v10 - For COM (x64) NET 4.0 Utility
[2012/05/28 21:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Polar Engineering
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delcam
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Delcam
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\dcam
[2012/05/28 21:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Delcam
[2012/05/28 21:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\FeatureCAM
[2012/05/28 21:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Delcam
[2012/05/28 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Desktop\FeatureCAM_2012_R3_SP0_64bit
[2012/05/28 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Nico Mak Computing
[2012/05/28 19:22:36 | 000,018,760 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe
[2012/05/28 11:41:42 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Desktop\FONTS
[2012/05/28 11:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\[bleep] NFO Viewer

========== Files - Modified Within 30 Days ==========

[2012/06/23 00:44:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 00:44:06 | 2077,282,303 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 21:48:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ScottAndrew\Desktop\OTL.exe
[2012/06/22 21:30:47 | 004,565,264 | R--- | M] (Swearware) -- C:\Users\ScottAndrew\Desktop\ComboFix.exe
[2012/06/22 21:00:25 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/22 20:58:57 | 087,031,672 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\avira_free_antivirus_en.exe
[2012/06/22 20:18:08 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/22 19:54:09 | 000,304,640 | ---- | M] () -- C:\Users\ScottAndrew\AppData\Local\qzrownjw.exe
[2012/06/22 19:51:19 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 19:51:19 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 19:48:32 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/22 19:48:32 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/22 19:48:32 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/21 17:39:28 | 000,001,270 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\Spybot - Search & Destroy.lnk
[2012/06/21 17:33:41 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 19:51:57 | 000,047,062 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\sink.jpg
[2012/06/09 19:41:09 | 000,052,605 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\sink.pdf
[2012/05/31 17:45:34 | 001,327,192 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\5870.dxf
[2012/05/31 17:43:44 | 000,800,086 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\5870.dwg
[2012/05/28 21:38:21 | 000,000,109 | -H-- | M] () -- C:\Windows\EZFM_ui.INI
[2012/05/28 21:32:00 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\PAFWizard 2012 (64-bit).lnk
[2012/05/28 21:30:42 | 000,001,703 | ---- | M] () -- C:\Users\Public\Desktop\FeatureCAM (64-bit).lnk

========== Files Created - No Company Name ==========

[2012/06/22 21:35:14 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\00000008.@
[2012/06/22 21:35:12 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000032.@
[2012/06/22 21:35:11 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000064.@
[2012/06/22 21:35:11 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000000.@
[2012/06/22 21:35:10 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\00000004.@
[2012/06/22 21:35:10 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\000000cb.@
[2012/06/22 21:35:10 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\L\00000004.@
[2012/06/22 21:00:25 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/22 20:56:30 | 087,031,672 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\avira_free_antivirus_en.exe
[2012/06/22 20:18:08 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/22 20:18:08 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/22 19:54:09 | 000,304,640 | ---- | C] () -- C:\Users\ScottAndrew\AppData\Local\qzrownjw.exe
[2012/06/21 17:39:28 | 000,001,270 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\Spybot - Search & Destroy.lnk
[2012/06/21 17:33:41 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 19:51:57 | 000,047,062 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\sink.jpg
[2012/06/09 19:41:09 | 000,052,605 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\sink.pdf
[2012/05/31 17:45:34 | 001,327,192 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\5870.dxf
[2012/05/31 17:43:43 | 000,800,086 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\5870.dwg
[2012/05/28 21:38:21 | 000,000,109 | -H-- | C] () -- C:\Windows\EZFM_ui.INI
[2012/05/28 21:32:00 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\PAFWizard 2012 (64-bit).lnk
[2012/05/28 21:30:42 | 000,001,703 | ---- | C] () -- C:\Users\Public\Desktop\FeatureCAM (64-bit).lnk
[2011/10/23 09:38:47 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/10/23 02:03:24 | 000,772,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/22 23:05:53 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/22 23:04:14 | 000,014,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/10/22 23:01:49 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/23 04:46:38 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll

========== LOP Check ==========

[2011/11/05 14:59:32 | 000,000,000 | ---D | M] -- C:\Users\ScottAndrew\AppData\Roaming\3Dconnexion
[2011/11/14 14:07:27 | 000,000,000 | ---D | M] -- C:\Users\ScottAndrew\AppData\Roaming\Autodesk
[2012/01/28 18:59:32 | 000,000,000 | ---D | M] -- C:\Users\ScottAndrew\AppData\Roaming\DAEMON Tools Lite
[2012/06/16 19:47:42 | 000,000,000 | ---D | M] -- C:\Users\ScottAndrew\AppData\Roaming\Nico Mak Computing
[2012/05/28 21:38:22 | 000,000,000 | ---D | M] -- C:\Users\ScottAndrew\AppData\Roaming\Polar Engineering
[2009/07/14 00:08:49 | 000,016,198 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0



#2
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, scottandrew10! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for scottandrew10 only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.
  • 0

#3
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

We need to disable Spybot S&D's "TeaTimer".

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
    Posted Image
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these checkboxes:
    Posted Image
  • Close/Exit Spybot Search and Destroy.

Step 2

Please uninstall the following programs via Control Panel > Uninstall a Program (if present):
  • Conduit
  • Viewpoint (Manager, Media Player, etc.)

Viewpoint is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I recommend you uninstall your Viewpoint product, but it is your choice.
This may change, read Viewpoint to Plunge Into Adware.



Step 3

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.

Posted Image


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3198785
    IE - HKCU\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - No CLSID value found
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q="
    [2012/06/21 22:17:26 | 000,000,917 | ---- | M] () -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\searchplugins\conduit.xml
    [2012/04/15 19:10:15 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    [2012/06/21 22:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/06/21 22:16:14 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Local\Conduit
    [2012/06/22 19:54:09 | 000,304,640 | ---- | M] () -- C:\Users\ScottAndrew\AppData\Local\qzrownjw.exe
    
    :Files
    C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}
    ipconfig /flushdns /c
    
    :Commands 
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 4

Delete your current copy of ComboFix and download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • ComboFix.txt

  • 0
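Editor's note on how the fix above was derived from the log: the paths in the `:Files` and `:OTL` sections are not picked at random. The OTL listing shows a `{GUID}\U` and `{GUID}\L` tree under `C:\Windows\Installer` filled with `*.@` files, and an executable with a random-looking name and no company name dropped straight into `AppData\Local`. That layout, together with the patched `services.exe` ComboFix later repaired, is the on-disk pattern commonly documented for the ZeroAccess (Sirefef) rootkit; the thread itself never names the family, so treat that attribution as the editor's, not the helper's. The script below is an added example, not part of OTL and not the helper's fix script: it parses OTL file lines, flags those two indicators, and drafts the `:Files` section the way the helper wrote it (the whole `{GUID}` tree once, single files as-is). The "random-named executable" rule is a heuristic of mine, not an OTL rule, and it also covers the `AppData\Local\{GUID}` root that ComboFix reported, so it goes slightly beyond what OTL listed. The sample lines are copied from the logs posted in this thread. As the helper says, a draft like this is for a trained eye to review, never something to run unattended.

```python
"""Triage the file lines of an OTL log for the hidden {GUID}\\U and {GUID}\\L
trees, "@"/"n" files and random-named dropper seen in this thread, then draft
the :Files section of an OTL fix from the hits.  Added example; it is not part
of OTL and not the helper's script."""
import re
from collections import OrderedDict

# One OTL file line:  [date time | size | attrs | C-or-M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
# {GUID}\U\*, {GUID}\L\* and the bare "@" and "n" files, under either
# Windows\Installer or a user's AppData\Local (both roots appear in the logs).
GUID_TREE = re.compile(
    r"^(?P<root>[A-Z]:\\(?:Windows\\Installer|Users\\[^\\]+\\AppData\\Local)\\"
    + GUID + r")\\(?:[UL]\\[^\\]+|@|n)$", re.I)
# Heuristic (editor's assumption, not an OTL rule): an all-letter, random-looking
# executable with no company name dropped straight into AppData\Local.
RANDOM_EXE = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\[a-z]{6,12}\.exe$", re.I)


def parse_otl_line(line):
    """Return the fields of one OTL file line as a dict, or None for any other line."""
    m = OTL_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))   # "000,232,960" -> 232960
    return rec


def triage(lines):
    """Map each suspicious path to the reason it was flagged (first hit wins)."""
    findings = OrderedDict()
    for line in lines:
        rec = parse_otl_line(line)
        if rec is None:
            continue
        path = rec["path"]
        if GUID_TREE.match(path):
            findings.setdefault(path, "GUID-named U/L tree or @/n file")
        elif RANDOM_EXE.match(path) and not rec["company"]:
            findings.setdefault(path, "random-named executable in AppData\\Local, no company name")
    return findings


def draft_files_section(findings):
    """Draft an OTL :Files section: the whole {GUID} tree once, single files as-is."""
    targets = OrderedDict()
    for path in findings:
        m = GUID_TREE.match(path)
        targets[m.group("root") if m else path] = None
    return ":Files\n" + "\n".join(targets)


# Lines copied from the OTL logs posted in this thread.
SAMPLE_OTL = r"""
========== Files Created - No Company Name ==========

[2012/06/22 21:35:14 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\00000008.@
[2012/06/22 21:35:10 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\L\00000004.@
[2012/06/22 19:54:09 | 000,304,640 | ---- | C] () -- C:\Users\ScottAndrew\AppData\Local\qzrownjw.exe
[2012/06/22 20:56:30 | 087,031,672 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\avira_free_antivirus_en.exe
[2012/06/22 19:48:32 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/22 21:48:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ScottAndrew\Desktop\OTL.exe
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_OTL.splitlines())
    for path, why in hits.items():
        print(f"{why}: {path}")
    print(draft_files_section(hits))
```

On the sample above the script flags the two `.@` files and `qzrownjw.exe`, leaves the Avira installer, the perf counter backup and OTL.exe alone, and drafts a `:Files` section naming the `{57dc159f-...}` tree once plus the dropper, which matches what the helper actually moved. Note that the draft only removes files; the patched `services.exe` needs a clean copy restored from WinSxS, which is what ComboFix did in the next post.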

#4
scottandrew10

scottandrew10

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I have pasted the OTL fix log as well as the combofix log.

You requested OTL.txt which I assumed was just the OTL fix log.

Please let me know if I need to paste another log.





OTL Fix Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cce665dd-f6dd-4808-968e-eaec971f70ef} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cce665dd-f6dd-4808-968e-eaec971f70ef}\ not found.
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\searchplugins\conduit.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\ScottAndrew\AppData\Local\Conduit folder moved successfully.
C:\Users\ScottAndrew\AppData\Local\qzrownjw.exe moved successfully.
========== FILES ==========
C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U folder moved successfully.
C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\L folder moved successfully.
C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ScottAndrew\Desktop\cmd.bat deleted successfully.
C:\Users\ScottAndrew\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ScottAndrew
->Temp folder emptied: 17992976 bytes
->Temporary Internet Files folder emptied: 39018691 bytes
->Java cache emptied: 130832 bytes
->FireFox cache emptied: 384072242 bytes
->Flash cache emptied: 58927 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23422938 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 46664846 bytes

Total Files Cleaned = 488.00 mb


OTL by OldTimer - Version 3.2.52.0 log created on 06232012_182903

Files\Folders moved on Reboot...
C:\Users\ScottAndrew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...





combofix log
ComboFix 12-06-23.05 - ScottAndrew 06/23/2012 18:47:38.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8103.6671 [GMT -5:00]
Running from: c:\users\ScottAndrew\Desktop\ComboFix.exe
Command switches used :: c:\users\ScottAndrew\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ScottAndrew\AppData\Local\{57dc159f-17bb-c9fb-c936-8b986f31693a}\@
c:\users\ScottAndrew\AppData\Local\{57dc159f-17bb-c9fb-c936-8b986f31693a}\n
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\L\00000004.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\L\1afb2d56
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\L\201d3dde
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\n
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\00000004.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\00000008.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\000000cb.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000000.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000032.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 23:49 . 2012-06-23 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 03:38 . 2012-06-22 03:38 -------- d-----w- c:\windows\system32\appmgmt
2012-06-21 22:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 22:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 22:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 22:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 22:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 22:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:39 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 22:39 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 22:39 . 2012-06-21 22:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-21 22:39 . 2012-06-21 22:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-21 22:33 . 2012-06-21 22:33 -------- d-----w- c:\users\ScottAndrew\AppData\Roaming\Malwarebytes
2012-06-21 22:33 . 2012-06-21 22:33 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 22:33 . 2012-06-21 22:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-21 22:33 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 03:12 . 2012-06-20 03:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-19 22:02 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AE1699C-E3CF-40FE-BBAB-D0AB03F664C9}\mpengine.dll
2012-06-17 18:02 . 2012-06-17 18:02 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-17 18:02 . 2012-06-17 18:02 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-17 18:02 . 2012-06-17 18:02 -------- d-----w- c:\program files\Java
2012-05-29 02:38 . 2012-05-29 02:38 -------- d-----w- c:\users\ScottAndrew\AppData\Roaming\Polar Engineering
2012-05-29 02:35 . 2012-05-29 02:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-29 02:31 . 2009-09-17 12:05 145448 ----a-w- c:\windows\system32\drivers\sentinel64.sys
2012-05-29 02:30 . 2012-05-29 02:30 -------- d-----w- c:\program files\Polar Engineering
2012-05-29 02:30 . 2012-05-29 02:31 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2012-05-29 02:30 . 2012-05-29 02:30 -------- d-----w- c:\program files (x86)\Common Files\Delcam
2012-05-29 02:30 . 2012-05-29 02:30 -------- d-----w- C:\dcam
2012-05-29 02:30 . 2012-05-29 02:31 -------- d-----w- c:\program files\Common Files\Delcam
2012-05-29 02:30 . 2012-05-29 02:37 -------- d-----w- c:\programdata\FeatureCAM
2012-05-29 02:30 . 2012-05-29 02:31 -------- d-----w- c:\program files\Delcam
2012-05-29 00:22 . 2012-06-17 00:47 -------- d-----w- c:\users\ScottAndrew\AppData\Roaming\Nico Mak Computing
2012-05-29 00:22 . 2011-11-10 15:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-05-28 16:36 . 2012-05-28 16:36 -------- d-----w- c:\program files (x86)\[bleep] NFO Viewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 02:35 . 2011-10-30 21:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe [2011-7-23 128000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-06-13 2655768]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-23 1431888]
R3 libusb0;PlanetCNC - Kernel Driver 02.14.2011 1.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [x]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2011-06-03 848184]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Service;Viewpoint Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [x]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [x]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [x]
S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [x]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: extensions.autoDisableScopes - 14);//iBryteuser_pref(extensions.BabylonToolbar_i.babTrack, affID=110014&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0a42079d000000000000e4ce8f2b5e8f
FF - user.js: extensions.BabylonToolbar_i.hardId - 0a42079d000000000000e4ce8f2b5e8f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15446
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:10
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-23 18:52:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 23:52
.
Pre-Run: 3,409,076,224 bytes free
Post-Run: 3,589,304,320 bytes free
.
- - End Of File - - 4F6FBB53890075A00DC6363063D89801
  • 0
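Editor's note on a detail in the ComboFix log above that the fix does not address: under `[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]` the log shows `EnableLUA = 0`, `ConsentPromptBehaviorAdmin = 0` and `PromptOnSecureDesktop = 0`. ComboFix prints that block precisely because those are not the defaults: User Account Control is switched off on this machine, so every program this administrator account runs already holds a full administrator token and a dropper can patch `services.exe` without any prompt. The script below is an added example, not part of ComboFix or of the helper's instructions: it parses the REGEDIT4-style "Reg Loading Points" section, reads the three UAC values (treating an absent value as the Windows 7 default, which is how Windows treats it), and reports any that fail a safety check. The `WEAK` sample is the block from the log above; the `HARDENED` sample is constructed at Windows 7 defaults so the parser has a clean case to compare against (ComboFix would not print default entries at all). Turning UAC back on takes effect after a reboot.

```python
"""Grade the UAC settings ComboFix prints under
[HKEY_LOCAL_MACHINE\\...\\policies\\system] in its "Reg Loading Points" section.
Added example; it is not part of ComboFix."""
import re

SECTION = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
# ComboFix shows DWORD policy values as:  "Name"= 0 (0x0)
DWORD = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<dec>-?\d+)\s*\(0x[0-9a-f]+\)\s*$', re.I)

UAC_KEY = (r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion"
           r"\policies\system").lower()

# Windows 7 defaults; they apply whenever a value is absent from the registry.
DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}
# (predicate, description of a safe value).  ConsentPromptBehaviorAdmin 0 is
# "elevate without prompting"; 1 through 5 all prompt in some form.
CHECKS = {
    "EnableLUA": (lambda v: v == 1, "1 (UAC on)"),
    "ConsentPromptBehaviorAdmin": (lambda v: v != 0, "1-5 (0 = elevate silently)"),
    "PromptOnSecureDesktop": (lambda v: v == 1, "1 (prompt on the secure desktop)"),
}


def parse_reg_loading_points(text):
    """Return {key (lower-case): {value name: int}} for each REGEDIT4-style section."""
    keys, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = DWORD.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = int(m.group("dec"))
    return keys


def uac_findings(text):
    """List (name, observed, safe value) for every UAC setting that fails its check."""
    values = parse_reg_loading_points(text).get(UAC_KEY, {})
    bad = []
    for name, (ok, safe) in CHECKS.items():
        observed = values.get(name, DEFAULTS[name])
        if not ok(observed):
            bad.append((name, observed, safe))
    return bad


# The policies\system block as it appears in the ComboFix log above, with one
# unrelated section kept to show that non-DWORD lines are skipped.
WEAK = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# Constructed: the same block at Windows 7 defaults, for a clean comparison.
# (ComboFix omits default entries, so a healthy log would not print it.)
HARDENED = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 1 (0x1)
"PromptOnSecureDesktop"= 1 (0x1)
"""

if __name__ == "__main__":
    for name, seen, safe in uac_findings(WEAK):
        print(f"{name} = {seen}; safe value is {safe}")
```

Run against the block from this log it reports all three values; against the hardened block, or against a log that does not print the section at all, it reports nothing. `ConsentPromptBehaviorUser = 3` (standard users are prompted for credentials) is the Windows 7 default and is left alone.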

#5
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
OTL.txt is the log produced after OTL has done a scan.
  • 0

#6
scottandrew10

scottandrew10

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the OTL scan log

OTL logfile created on: 6/23/2012 8:54:01 PM - Run 2
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\ScottAndrew\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.42 Gb Available Physical Memory | 81.13% Memory free
15.82 Gb Paging File | 14.20 Gb Available in Paging File | 89.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 44.21 Gb Total Space | 3.35 Gb Free Space | 7.58% Space Free | Partition Type: NTFS
Drive E: | 67.99 Gb Total Space | 11.35 Gb Free Space | 16.69% Space Free | Partition Type: HFS

Computer Name: SCOTTANDREW-PC | User Name: ScottAndrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/22 21:48:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ScottAndrew\Desktop\OTL.exe
PRC - [2012/06/14 17:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/10 04:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/06/13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/06/13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 17:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/23 02:07:39 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/06/29 07:49:38 | 000,111,488 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV:64bit: - [2011/06/29 07:49:36 | 000,224,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2011/06/13 18:34:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/03 05:00:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/14 17:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/06/13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/31 08:57:31 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/01/31 08:57:30 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/11/29 21:09:21 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/29 07:49:44 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2011/06/29 07:49:44 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2011/06/29 07:49:42 | 000,022,872 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2011/06/29 07:49:42 | 000,017,752 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2011/06/13 18:37:15 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2011/06/13 18:37:12 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter)
DRV:64bit: - [2011/06/13 18:37:07 | 004,798,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/06/13 18:37:06 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011/06/13 18:34:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/13 18:34:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/26 21:13:25 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2011/03/25 03:32:04 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV:64bit: - [2011/03/25 03:31:56 | 000,038,912 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2011/03/25 03:31:56 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2011/03/25 03:31:33 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV:64bit: - [2011/02/14 08:19:30 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 74 96 FD 20 F5 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/22 20:18:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/23 01:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Extensions
[2012/06/22 19:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\extensions
[2012/06/04 00:47:22 | 000,000,000 | ---D | M] (Manilla) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\extensions\{B9A5DFD3-99A9-465d-87B0-A6922A7AFCD7}
[2012/05/22 21:44:37 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\extensions\[email protected]
[2012/06/22 20:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/15 23:13:12 | 000,019,486 | ---- | M] () (No name found) -- C:\USERS\SCOTTANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B8Z6EFTV.DEFAULT\EXTENSIONS\[email protected]
[2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/23 18:49:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A1AAAE0-4A88-4416-95E8-D27F1229876C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE63949E-13F7-410B-A926-2F3273D2B934}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 18:52:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/23 18:50:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/23 18:47:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/23 18:47:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/23 18:47:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/23 18:43:31 | 004,565,820 | R--- | C] (Swearware) -- C:\Users\ScottAndrew\Desktop\ComboFix.exe
[2012/06/23 18:29:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/23 18:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012/06/22 21:48:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ScottAndrew\Desktop\OTL.exe
[2012/06/22 21:05:37 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Avira
[2012/06/22 21:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/22 21:00:23 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/06/22 21:00:23 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/06/22 21:00:23 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/06/22 21:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/22 21:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/22 20:32:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 20:32:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 20:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/22 20:12:49 | 000,543,024 | ---- | C] (Microsoft Corporation) -- C:\Users\ScottAndrew\Desktop\IE9-Windows7-x64-enu.exe
[2012/06/22 20:06:33 | 016,577,248 | ---- | C] (Mozilla) -- C:\Users\ScottAndrew\Desktop\Firefox Setup 13.0.1.exe
[2012/06/21 22:38:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/06/21 17:40:00 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 17:40:00 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 17:40:00 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 17:39:59 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 17:39:59 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 17:39:59 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 17:39:57 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 17:39:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/21 17:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/21 17:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/21 17:33:44 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Malwarebytes
[2012/06/21 17:33:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/21 17:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/21 17:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/21 17:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/19 22:12:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/17 13:02:27 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/17 13:02:27 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/17 13:02:27 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/17 13:02:25 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/17 13:02:25 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/17 13:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/11 00:40:38 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Desktop\cutting board
[2012/05/28 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Polar Engineering
[2012/05/28 21:35:05 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/28 21:31:38 | 000,145,448 | ---- | C] (SafeNet, Inc.) -- C:\Windows\SysNative\drivers\sentinel64.sys
[2012/05/28 21:31:35 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Documents\Downloaded Installations
[2012/05/28 21:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinWrap Basic v10 - For COM (x64) NET 4.0 Utility
[2012/05/28 21:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Polar Engineering
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delcam
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Delcam
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\dcam
[2012/05/28 21:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Delcam
[2012/05/28 21:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\FeatureCAM
[2012/05/28 21:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Delcam
[2012/05/28 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Desktop\FeatureCAM_2012_R3_SP0_64bit
[2012/05/28 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Nico Mak Computing
[2012/05/28 19:22:36 | 000,018,760 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe
[2012/05/28 11:41:42 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Desktop\FONTS
[2012/05/28 11:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\[bleep] NFO Viewer

========== Files - Modified Within 30 Days ==========

[2012/06/23 18:57:26 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 18:57:26 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 18:50:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 18:50:12 | 2077,282,303 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/23 18:49:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/23 18:43:46 | 004,565,820 | R--- | M] (Swearware) -- C:\Users\ScottAndrew\Desktop\ComboFix.exe
[2012/06/23 18:35:53 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/23 18:35:53 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/23 18:35:53 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/22 21:48:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ScottAndrew\Desktop\OTL.exe
[2012/06/22 21:00:25 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/22 20:58:57 | 087,031,672 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\avira_free_antivirus_en.exe
[2012/06/22 20:18:08 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/22 20:12:49 | 000,543,024 | ---- | M] (Microsoft Corporation) -- C:\Users\ScottAndrew\Desktop\IE9-Windows7-x64-enu.exe
[2012/06/22 20:07:22 | 016,577,248 | ---- | M] (Mozilla) -- C:\Users\ScottAndrew\Desktop\Firefox Setup 13.0.1.exe
[2012/06/21 17:39:28 | 000,001,270 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\Spybot - Search & Destroy.lnk
[2012/06/21 17:33:41 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 13:02:23 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/17 13:02:23 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/17 13:02:23 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/17 13:02:23 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/17 13:02:23 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/09 19:51:57 | 000,047,062 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\sink.jpg
[2012/06/09 19:41:09 | 000,052,605 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\sink.pdf
[2012/06/02 17:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 17:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 17:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 17:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 17:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 17:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/05/31 17:45:34 | 001,327,192 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\5870.dxf
[2012/05/31 17:43:44 | 000,800,086 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\5870.dwg
[2012/05/28 21:38:21 | 000,000,109 | -H-- | M] () -- C:\Windows\EZFM_ui.INI
[2012/05/28 21:35:05 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/28 21:35:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/28 21:32:00 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\PAFWizard 2012 (64-bit).lnk
[2012/05/28 21:30:42 | 000,001,703 | ---- | M] () -- C:\Users\Public\Desktop\FeatureCAM (64-bit).lnk

========== Files Created - No Company Name ==========

[2012/06/23 18:47:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/23 18:47:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/23 18:47:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/23 18:47:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/23 18:47:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 21:00:25 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/22 20:56:30 | 087,031,672 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\avira_free_antivirus_en.exe
[2012/06/22 20:18:08 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/22 20:18:08 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/21 17:39:28 | 000,001,270 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\Spybot - Search & Destroy.lnk
[2012/06/21 17:33:41 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 19:51:57 | 000,047,062 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\sink.jpg
[2012/06/09 19:41:09 | 000,052,605 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\sink.pdf
[2012/05/31 17:45:34 | 001,327,192 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\5870.dxf
[2012/05/31 17:43:43 | 000,800,086 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\5870.dwg
[2012/05/28 21:38:21 | 000,000,109 | -H-- | C] () -- C:\Windows\EZFM_ui.INI
[2012/05/28 21:32:00 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\PAFWizard 2012 (64-bit).lnk
[2012/05/28 21:30:42 | 000,001,703 | ---- | C] () -- C:\Users\Public\Desktop\FeatureCAM (64-bit).lnk
[2011/10/23 09:38:47 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/10/23 02:03:24 | 000,772,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/22 23:05:53 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/22 23:04:14 | 000,014,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/10/22 23:01:49 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/23 04:46:38 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll

< End of report >
  • 0
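Several O6/O7 entries in the log above are the ones a helper reads first: EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 mean User Account Control is switched off, and the Internet Explorer Restrictions and Control Panel policy keys are not present on a stock home install. The following Python checker is an added example, not part of the post or of OTL; it parses OTL policy lines and flags those weakened settings, using a sample constructed from the log above and the Windows 7 defaults stated in its comments as assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the O6/O7 policy lines (plus one unrelated O4 line)
# copied from the OTL log posted above.
SAMPLE_OTL_LINES = r"""
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
"""

# OTL writes a policy entry either as "<key> present" (the policy key exists)
# or as "<key>: <valuename> = <data>" (a specific value under that key).
POLICY_LINE = re.compile(
    r"^(?P<section>O[67]) - (?P<key>.+?)(?:: (?P<name>\w+) = (?P<data>.*))?$"
)

# UAC values that weaken the machine when set to "0". The defaults quoted are the
# Windows 7 defaults (assumption stated in the lead-in).
WEAK_UAC_VALUES = {
    "EnableLUA": ("0", "UAC switched off (default 1)"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate silently, no prompt (default 5)"),
    "PromptOnSecureDesktop": ("0", "elevation prompts not isolated on the secure desktop (default 1)"),
}

# Policy keys a stock home install does not carry; compared case-insensitively
# against the tail of the registry path OTL reports.
UNEXPECTED_POLICY_KEYS = (
    r"policies\microsoft\internet explorer\restrictions",
    r"policies\microsoft\internet explorer\control panel",
)


@dataclass
class Finding:
    line: str    # the OTL line as it appeared in the log
    reason: str  # why it was flagged


def audit_otl_policies(otl_text: str) -> list[Finding]:
    """Return the O6/O7 lines that weaken the machine's defenses, in log order."""
    findings = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        m = POLICY_LINE.match(line)
        if not m:
            continue  # not a policy line (O4 autorun entries, blank lines, ...)
        key, name, data = m.group("key"), m.group("name"), m.group("data")
        if name is None:
            # "<key> present" form: flag policy keys that should not exist on a home PC.
            key_path = key.removesuffix(" present").lower()
            if any(key_path.endswith(k) for k in UNEXPECTED_POLICY_KEYS):
                findings.append(Finding(line, "unexpected policy key present"))
            continue
        # "<key>: <name> = <data>" form: only flag known-bad values; defaults such as
        # NoDrives = 0 or ConsentPromptBehaviorUser = 3 pass through untouched.
        bad_value, reason = WEAK_UAC_VALUES.get(name, (None, None))
        if bad_value is not None and data.strip() == bad_value:
            findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in audit_otl_policies(SAMPLE_OTL_LINES):
        print(f"{f.reason}: {f.line}")
```

Run against the sample it reports five lines: the two planted IE policy keys and the three UAC values set to 0.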

#7
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Drive C: | 44.21 Gb Total Space | 3.33 Gb Free Space | 7.54% Space Free | Partition Type: NTFS

To ensure our tools run properly, the minimum free disk space required is 15%. I advise that you free some space up on drive C by uninstalling unwanted programs and deleting any personal files you don't want.


Step 1

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Registry:: 
[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions]
[-HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]

Firefox::
FF - ProfilePath - c:\users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\
FF - user.js: extensions.autoDisableScopes - 14);//iBryteuser_pref(extensions.BabylonToolbar_i.babTrack, affID=110014&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0a42079d000000000000e4ce8f2b5e8f
FF - user.js: extensions.BabylonToolbar_i.hardId - 0a42079d000000000000e4ce8f2b5e8f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15446
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:10
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4

How is your system running now?
Are you experiencing any problems?


Things I want to see in your next reply

  • ComboFix.txt
  • MBAM Log
  • log.txt
  • Answers to my questions


#8 scottandrew10 (Topic Starter, New Member, 8 posts)
I currently use all of the programs loaded so there is nothing I can remove for more free disk space.

ComboFix Log

ComboFix 12-06-23.05 - ScottAndrew 06/24/2012 12:36:11.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8103.6506 [GMT -5:00]
Running from: c:\users\ScottAndrew\Desktop\ComboFix.exe
Command switches used :: c:\users\ScottAndrew\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 17:38 . 2012-06-24 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 23:29 . 2012-06-23 23:29 -------- d-----w- C:\_OTL
2012-06-23 23:25 . 2012-06-23 23:25 -------- d-----w- c:\program files\Microsoft Games
2012-06-23 02:05 . 2012-06-23 02:05 -------- d-----w- c:\users\ScottAndrew\AppData\Roaming\Avira
2012-06-23 02:00 . 2012-06-24 03:18 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-23 02:00 . 2012-06-24 03:18 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-23 02:00 . 2011-09-16 21:09 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-23 02:00 . 2012-06-23 02:00 -------- d-----w- c:\programdata\Avira
2012-06-23 02:00 . 2012-06-23 02:00 -------- d-----w- c:\program files (x86)\Avira
2012-06-22 03:38 . 2012-06-22 03:38 -------- d-----w- c:\windows\system32\appmgmt
2012-06-21 22:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 22:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 22:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 22:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 22:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 22:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:39 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 22:39 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 22:39 . 2012-06-21 22:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-21 22:39 . 2012-06-21 22:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-21 22:33 . 2012-06-21 22:33 -------- d-----w- c:\users\ScottAndrew\AppData\Roaming\Malwarebytes
2012-06-21 22:33 . 2012-06-21 22:33 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 22:33 . 2012-06-21 22:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-21 22:33 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 03:12 . 2012-06-20 03:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-19 22:02 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AE1699C-E3CF-40FE-BBAB-D0AB03F664C9}\mpengine.dll
2012-06-17 18:02 . 2012-06-17 18:02 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-17 18:02 . 2012-06-17 18:02 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-17 18:02 . 2012-06-17 18:02 -------- d-----w- c:\program files\Java
2012-05-29 02:38 . 2012-05-29 02:38 -------- d-----w- c:\users\ScottAndrew\AppData\Roaming\Polar Engineering
2012-05-29 02:35 . 2012-05-29 02:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-29 02:31 . 2009-09-17 12:05 145448 ----a-w- c:\windows\system32\drivers\sentinel64.sys
2012-05-29 02:30 . 2012-05-29 02:30 -------- d-----w- c:\program files\Polar Engineering
2012-05-29 02:30 . 2012-05-29 02:31 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2012-05-29 02:30 . 2012-05-29 02:30 -------- d-----w- c:\program files (x86)\Common Files\Delcam
2012-05-29 02:30 . 2012-05-29 02:30 -------- d-----w- C:\dcam
2012-05-29 02:30 . 2012-05-29 02:31 -------- d-----w- c:\program files\Common Files\Delcam
2012-05-29 02:30 . 2012-05-29 02:37 -------- d-----w- c:\programdata\FeatureCAM
2012-05-29 02:30 . 2012-05-29 02:31 -------- d-----w- c:\program files\Delcam
2012-05-29 00:22 . 2012-06-17 00:47 -------- d-----w- c:\users\ScottAndrew\AppData\Roaming\Nico Mak Computing
2012-05-29 00:22 . 2011-11-10 15:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-05-28 16:36 . 2012-05-28 16:36 -------- d-----w- c:\program files (x86)\[bleep] NFO Viewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 02:35 . 2011-10-30 21:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_23.50.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-23 23:51 29198 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-23 23:52 30600 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-23 10:38 . 2012-06-24 17:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 10:38 . 2012-06-23 23:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 10:38 . 2012-06-23 23:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-23 10:38 . 2012-06-24 17:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-24 17:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-23 23:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-23 05:58 . 2012-06-23 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-23 05:58 . 2012-06-23 23:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-23 05:58 . 2012-06-23 23:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-23 05:58 . 2012-06-23 23:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-23 05:58 . 2012-06-23 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 05:58 . 2012-06-23 23:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-23 05:58 . 2012-06-23 23:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-23 05:58 . 2012-06-24 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 05:58 . 2012-06-23 23:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 05:58 . 2012-06-24 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 04:07 . 2012-06-23 23:52 3058 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2230358728-1914598529-2984429319-1000_UserData.bin
+ 2012-06-23 23:50 . 2012-06-23 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-24 21:13 . 2012-06-24 17:10 312986 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-06-24 348624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe [2011-7-23 128000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-23 1431888]
R3 libusb0;PlanetCNC - Kernel Driver 02.14.2011 1.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-24 86224]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [x]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2011-06-03 848184]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-06-13 2655768]
S2 Viewpoint Service;Viewpoint Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [x]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [x]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [x]
S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [x]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-24 12:39:03
ComboFix-quarantined-files.txt 2012-06-24 17:39
ComboFix2.txt 2012-06-23 23:52
.
Pre-Run: 3,104,165,888 bytes free
Post-Run: 3,058,188,288 bytes free
.
- - End Of File - - 364DE15440707DF5182A580B799D0EA1

MBAM Log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ScottAndrew :: SCOTTANDREW-PC [administrator]

6/24/2012 12:44:39 PM
mbam-log-2012-06-24 (12-44-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205925
Time elapsed: 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b839fe4987f99746aadbd0847cf92c26
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-24 10:50:23
# local_time=2012-06-24 05:50:23 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 92103653 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=626987
# found=3
# cleaned=2
# scan_time=18020
C:\Qoobox\Quarantine\C\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\[email protected] Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06232012_182903\C_Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Sirefef.EZ trojan 00000000000000000000000000000000 I

I am still getting google redirects just as I was before.

#9 Nedklaw (Trusted Helper, Malware Removal, 1,652 posts)
Hi. :)

Download aswMBR.exe (4.5MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image


Things I want to see in your next reply

  • aswMBR.txt


#10 scottandrew10 (Topic Starter, New Member, 8 posts)
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-24 22:39:24
-----------------------------
22:39:24.949 OS Version: Windows x64 6.1.7601 Service Pack 1
22:39:24.949 Number of processors: 8 586 0x2A07
22:39:24.950 ComputerName: SCOTTANDREW-PC UserName: ScottAndrew
22:39:25.142 Initialize success
22:45:05.416 AVAST engine defs: 12062401
22:46:18.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:46:18.146 Disk 0 Vendor: APPLE_SSD_TS128C CJAA0201 Size: 115712MB BusType: 3
22:46:18.152 Disk 0 MBR read successfully
22:46:18.158 Disk 0 MBR scan
22:46:18.169 Disk 0 Windows 7 default MBR code
22:46:18.174 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
22:46:18.182 Disk 0 Partition 2 00 AF HFS / HFS+ 69618 MB offset 409640
22:46:18.190 Disk 0 Partition 3 00 AB Darwin boot 619 MB offset 142987768
22:46:18.198 Disk 0 Partition 4 80 (A) 07 HPFS/NTFS NTFS 45272 MB offset 144259072
22:46:18.207 Disk 0 scanning C:\Windows\system32\drivers
22:46:20.598 Service scanning
22:46:26.968 Modules scanning
22:46:26.987 Disk 0 trace - called modules:
22:46:27.001 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80075e32c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:46:27.010 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e48790]
22:46:27.017 3 CLASSPNP.SYS[fffff88001b9443f] -> nt!IofCallDriver -> [0xfffffa8007c07670]
22:46:27.025 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007c0f060]
22:46:27.032 \Driver\atapi[0xfffffa8007c06060] -> IRP_MJ_CREATE -> 0xfffffa80075e32c0
22:46:27.179 AVAST engine scan C:\Windows
22:46:27.676 AVAST engine scan C:\Windows\system32
22:47:00.379 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:47:00.907 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:47:33.555 AVAST engine scan C:\Windows\system32\drivers
22:47:39.138 AVAST engine scan C:\Users\ScottAndrew
22:47:45.023 File: C:\Users\ScottAndrew\AppData\Local\{57dc159f-17bb-c9fb-c936-8b986f31693a}\n **INFECTED** Win32:Sirefef-PL [Rtk]
22:47:53.228 AVAST engine scan C:\ProgramData
22:48:13.796 Scan finished successfully
22:49:40.345 Disk 0 MBR has been saved successfully to "C:\Users\ScottAndrew\Desktop\MBR.dat"
22:49:40.352 The log file has been saved successfully to "C:\Users\ScottAndrew\Desktop\aswMBR.txt"
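A small triage helper, added here as an example and not code from ESET, AVAST, OldTimer or this forum, that pulls every detection out of the ESET Online Scanner and aswMBR logs in the formats posted above and separates hits that already sit in a quarantine folder (C:\Qoobox\Quarantine from ComboFix, C:\_OTL\MovedFiles from OTL) or only in memory from files still live on disk, which is the list a follow-up fix has to deal with. The sample log lines are constructed from the posts in this thread.

```python
"""Triage helper for the ESET Online Scanner and aswMBR logs posted in this thread.

Added example, not code from ESET, AVAST, OldTimer or Geeks to Go. It parses
the two log formats shown above and tells files already quarantined by
ComboFix/OTL apart from files that are still live on disk.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample logs, in the formats of the logs posted above.
SAMPLE_ESET_LOG = r"""# scanned=626987
# found=3
# cleaned=2
C:\_OTL\MovedFiles\06232012_182903\C_Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Sirefef.EZ trojan 00000000000000000000000000000000 I
"""

SAMPLE_ASWMBR_LOG = r"""22:46:27.676 AVAST engine scan C:\Windows\system32
22:47:00.379 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:47:00.907 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:47:39.138 AVAST engine scan C:\Users\ScottAndrew
22:47:45.023 File: C:\Users\ScottAndrew\AppData\Local\{57dc159f-17bb-c9fb-c936-8b986f31693a}\n **INFECTED** Win32:Sirefef-PL [Rtk]
22:48:13.796 Scan finished successfully
"""

# Folders the two cleanup tools move files into; a hit under these is not live.
QUARANTINE_PREFIXES = (r"c:\qoobox\quarantine", r"c:\_otl\movedfiles")

# ESET detection line: <path> <threat> [(action)] <32-hex> <flag>.
# Path and threat are only separated by a space, so the threat is anchored on
# its "<Platform>/<Family>" token (e.g. Win64/Sirefef.AE) to split the two.
ESET_LINE = re.compile(
    r"^(?P<path>\$\{Memory\}|[A-Za-z]:\\.*?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)*?)"
    r"(?: \((?P<action>[^)]*)\))? "
    r"(?P<hash>[0-9a-fA-F]{32}) (?P<flag>[A-Z])$"
)

# aswMBR only marks hits with **INFECTED**; engine-progress lines are ignored.
ASWMBR_INFECTED = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) File: (?P<path>.+?) "
    r"\*\*INFECTED\*\* (?P<threat>.+)$"
)


@dataclass(frozen=True)
class Finding:
    source: str   # "eset" or "aswmbr"
    path: str     # file path, or "${Memory}" for an in-memory hit
    threat: str   # the scanner's detection name
    action: str   # what the scanner did, "" if it only reported
    status: str   # "live", "quarantined" or "memory"


def classify(path: str) -> str:
    """Distinguish memory hits and already-quarantined files from live files."""
    if path == "${Memory}":
        return "memory"
    lowered = path.lower()
    if any(lowered.startswith(prefix) for prefix in QUARANTINE_PREFIXES):
        return "quarantined"
    return "live"


def parse_eset(log: str) -> list[Finding]:
    findings = []
    for line in log.splitlines():
        m = ESET_LINE.match(line.strip())
        if not m:  # "# key=value" header lines and anything unrecognised
            continue
        findings.append(Finding("eset", m["path"], m["threat"],
                                m["action"] or "", classify(m["path"])))
    return findings


def parse_aswmbr(log: str) -> list[Finding]:
    findings = []
    for line in log.splitlines():
        m = ASWMBR_INFECTED.match(line.strip())
        if m:
            findings.append(Finding("aswmbr", m["path"], m["threat"], "",
                                    classify(m["path"])))
    return findings


def triage(eset_log: str, aswmbr_log: str) -> list[Finding]:
    return parse_eset(eset_log) + parse_aswmbr(aswmbr_log)


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"live": 0, "quarantined": 0, "memory": 0}
    for f in findings:
        counts[f.status] += 1
    return counts


def live_paths(findings: list[Finding]) -> list[str]:
    """Unique paths still on disk, i.e. what a follow-up fix has to address."""
    return sorted({f.path for f in findings if f.status == "live"})


if __name__ == "__main__":
    results = triage(SAMPLE_ESET_LOG, SAMPLE_ASWMBR_LOG)
    for f in results:
        print(f"[{f.source}] {f.status:<11} {f.threat:<36} {f.path}")
    print("summary:", summarize(results))
    print("still on disk:", *live_paths(results), sep="\n  ")
```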

#11 Nedklaw (Trusted Helper, Malware Removal, 1,652 posts)
Hi. :)
There are still some leftovers from the infection which are likely to be causing the redirects.


Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.

    Posted Image

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image

  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image

  • If malicious objects are found, they will show in the Scan results and offer 3 options.
  • Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.

Posted Image


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [CREATERESTOREPOINT] 
    
    :Files
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\Users\ScottAndrew\AppData\Local\{57dc159f-17bb-c9fb-c936-8b986f31693a}
    ipconfig /flushdns /c
    
    :Commands 
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 3

Are you still getting redirected?


Things I want to see in your next reply

  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • OTL Fix Log
  • OTL.txt
  • Answer to my question


#12 scottandrew10 (Topic Starter, New Member, 8 posts)
TDSSKiller Log

17:53:39.0122 237504 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
17:53:39.0717 237504 ============================================================
17:53:39.0718 237504 Current date / time: 2012/06/25 17:53:39.0717
17:53:39.0718 237504 SystemInfo:
17:53:39.0718 237504
17:53:39.0718 237504 OS Version: 6.1.7601 ServicePack: 1.0
17:53:39.0718 237504 Product type: Workstation
17:53:39.0718 237504 ComputerName: SCOTTANDREW-PC
17:53:39.0718 237504 UserName: ScottAndrew
17:53:39.0718 237504 Windows directory: C:\Windows
17:53:39.0718 237504 System windows directory: C:\Windows
17:53:39.0718 237504 Running under WOW64
17:53:39.0718 237504 Processor architecture: Intel x64
17:53:39.0718 237504 Number of processors: 8
17:53:39.0718 237504 Page size: 0x1000
17:53:39.0718 237504 Boot type: Normal boot
17:53:39.0718 237504 ============================================================
17:53:39.0941 237504 Drive \Device\Harddisk0\DR0 - Size: 0x1C40000000 (113.00 Gb), SectorSize: 0x200, Cylinders: 0x399F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:53:39.0958 237504 ============================================================
17:53:39.0958 237504 \Device\Harddisk0\DR0:
17:53:39.0958 237504 GPT partitions:
17:53:39.0959 237504 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {00001229-647E-0000-B070-0000752C0000}, Name: EFI system partition, StartLBA 0x28, BlocksNum 0x64000
17:53:39.0959 237504 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {00005A45-66E6-0000-8012-00002D200000}, Name: Customer, StartLBA 0x64028, BlocksNum 0x87F91D0
17:53:39.0959 237504 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {426F6F74-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {D314258B-C0F3-4B31-AC0F-1C2E5CA70243}, Name: Recovery HD, StartLBA 0x885D1F8, BlocksNum 0x135F28
17:53:39.0959 237504 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {695E8405-D5CE-4ECA-B64C-EE8258D488A3}, Name: BOOTCAMP, StartLBA 0x8993800, BlocksNum 0x586C000
17:54:12.0738 254488 PerfHost - ok
17:54:12.0869 254488 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:54:12.0934 254488 pla - ok
17:54:13.0315 254488 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:54:13.0361 254488 PlugPlay - ok
17:54:13.0370 254488 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:54:13.0401 254488 PNRPAutoReg - ok
17:54:13.0430 254488 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:54:13.0468 254488 PNRPsvc - ok
17:54:13.0510 254488 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:54:13.0605 254488 PolicyAgent - ok
17:54:13.0617 254488 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:54:13.0673 254488 Power - ok
17:54:13.0684 254488 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:54:13.0710 254488 PptpMiniport - ok
17:54:13.0714 254488 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:54:13.0723 254488 Processor - ok
17:54:13.0733 254488 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:54:13.0760 254488 ProfSvc - ok
17:54:13.0764 254488 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:54:13.0773 254488 ProtectedStorage - ok
17:54:13.0782 254488 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:54:13.0807 254488 Psched - ok
17:54:13.0896 254488 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:54:13.0933 254488 ql2300 - ok
17:54:13.0972 254488 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:54:13.0980 254488 ql40xx - ok
17:54:13.0990 254488 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:54:14.0005 254488 QWAVE - ok
17:54:14.0009 254488 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:54:14.0022 254488 QWAVEdrv - ok
17:54:14.0025 254488 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:54:14.0050 254488 RasAcd - ok
17:54:14.0055 254488 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:54:14.0080 254488 RasAgileVpn - ok
17:54:14.0087 254488 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:54:14.0114 254488 RasAuto - ok
17:54:14.0122 254488 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:54:14.0148 254488 Rasl2tp - ok
17:54:14.0166 254488 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:54:14.0196 254488 RasMan - ok
17:54:14.0202 254488 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:54:14.0227 254488 RasPppoe - ok
17:54:14.0233 254488 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:54:14.0259 254488 RasSstp - ok
17:54:14.0270 254488 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:54:14.0297 254488 rdbss - ok
17:54:14.0300 254488 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:54:14.0310 254488 rdpbus - ok
17:54:14.0313 254488 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:54:14.0338 254488 RDPCDD - ok
17:54:14.0348 254488 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:54:14.0359 254488 RDPDR - ok
17:54:14.0362 254488 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:54:14.0387 254488 RDPENCDD - ok
17:54:14.0390 254488 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:54:14.0414 254488 RDPREFMP - ok
17:54:14.0423 254488 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:54:14.0449 254488 RDPWD - ok
17:54:14.0462 254488 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:54:14.0471 254488 rdyboost - ok
17:54:14.0478 254488 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:54:14.0504 254488 RemoteAccess - ok
17:54:14.0513 254488 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:54:14.0539 254488 RemoteRegistry - ok
17:54:14.0545 254488 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:54:14.0557 254488 RFCOMM - ok
17:54:14.0561 254488 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:54:14.0587 254488 RpcEptMapper - ok
17:54:14.0589 254488 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:54:14.0598 254488 RpcLocator - ok
17:54:14.0614 254488 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
17:54:14.0641 254488 RpcSs - ok
17:54:14.0646 254488 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:54:14.0670 254488 rspndr - ok
17:54:14.0673 254488 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:54:14.0681 254488 s3cap - ok
17:54:14.0684 254488 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:54:14.0692 254488 SamSs - ok
17:54:14.0697 254488 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:54:14.0704 254488 sbp2port - ok
17:54:14.0776 254488 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:54:14.0823 254488 SBSDWSCService - ok
17:54:14.0835 254488 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:54:14.0873 254488 SCardSvr - ok
17:54:14.0883 254488 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:54:14.0918 254488 scfilter - ok
17:54:14.0987 254488 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:54:15.0058 254488 Schedule - ok
17:54:15.0064 254488 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:54:15.0088 254488 SCPolicySvc - ok
17:54:15.0097 254488 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:54:15.0111 254488 SDRSVC - ok
17:54:15.0119 254488 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:54:15.0144 254488 secdrv - ok
17:54:15.0148 254488 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:54:15.0172 254488 seclogon - ok
17:54:15.0177 254488 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:54:15.0204 254488 SENS - ok
17:54:15.0208 254488 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:54:15.0217 254488 SensrSvc - ok
17:54:15.0227 254488 Sentinel64 (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys
17:54:15.0236 254488 Sentinel64 - ok
17:54:15.0239 254488 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
17:54:15.0248 254488 Serenum - ok
17:54:15.0253 254488 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
17:54:15.0264 254488 Serial - ok
17:54:15.0268 254488 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:54:15.0277 254488 sermouse - ok
17:54:15.0288 254488 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:54:15.0315 254488 SessionEnv - ok
17:54:15.0318 254488 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:54:15.0329 254488 sffdisk - ok
17:54:15.0332 254488 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:54:15.0343 254488 sffp_mmc - ok
17:54:15.0345 254488 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:54:15.0357 254488 sffp_sd - ok
17:54:15.0360 254488 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:54:15.0369 254488 sfloppy - ok
17:54:15.0394 254488 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:54:15.0423 254488 SharedAccess - ok
17:54:15.0446 254488 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:54:15.0475 254488 ShellHWDetection - ok
17:54:15.0479 254488 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:54:15.0486 254488 SiSRaid2 - ok
17:54:15.0493 254488 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:54:15.0500 254488 SiSRaid4 - ok
17:54:15.0507 254488 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:54:15.0533 254488 Smb - ok
17:54:15.0538 254488 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:54:15.0549 254488 SNMPTRAP - ok
17:54:15.0552 254488 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:54:15.0558 254488 spldr - ok
17:54:15.0589 254488 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:54:15.0621 254488 Spooler - ok
17:54:15.0804 254488 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:54:15.0889 254488 sppsvc - ok
17:54:15.0937 254488 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:54:16.0007 254488 sppuinotify - ok
17:54:16.0041 254488 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
17:54:16.0042 254488 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
17:54:16.0042 254488 sptd ( LockedFile.Multi.Generic ) - warning
17:54:16.0043 254488 sptd - detected LockedFile.Multi.Generic (1)
17:54:16.0070 254488 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:54:16.0096 254488 srv - ok
17:54:16.0117 254488 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:54:16.0141 254488 srv2 - ok
17:54:16.0154 254488 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:54:16.0173 254488 srvnet - ok
17:54:16.0187 254488 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:54:16.0235 254488 SSDPSRV - ok
17:54:16.0241 254488 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:54:16.0267 254488 SstpSvc - ok
17:54:16.0270 254488 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:54:16.0276 254488 stexstor - ok
17:54:16.0306 254488 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:54:16.0325 254488 stisvc - ok
17:54:16.0330 254488 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:54:16.0336 254488 storflt - ok
17:54:16.0340 254488 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:54:16.0350 254488 StorSvc - ok
17:54:16.0354 254488 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:54:16.0361 254488 storvsc - ok
17:54:16.0363 254488 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:54:16.0370 254488 swenum - ok
17:54:16.0400 254488 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:54:16.0432 254488 swprv - ok
17:54:16.0554 254488 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:54:16.0631 254488 SysMain - ok
17:54:16.0674 254488 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:54:16.0698 254488 TabletInputService - ok
17:54:16.0712 254488 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:54:16.0750 254488 TapiSrv - ok
17:54:16.0755 254488 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:54:16.0780 254488 TBS - ok
17:54:16.0851 254488 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
17:54:16.0886 254488 Tcpip - ok
17:54:17.0060 254488 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
17:54:17.0109 254488 TCPIP6 - ok
17:54:17.0155 254488 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:54:17.0180 254488 tcpipreg - ok
17:54:17.0184 254488 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:54:17.0210 254488 TDPIPE - ok
17:54:17.0213 254488 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:54:17.0238 254488 TDTCP - ok
17:54:17.0244 254488 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:54:17.0270 254488 tdx - ok
17:54:17.0275 254488 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
17:54:17.0283 254488 TermDD - ok
17:54:17.0307 254488 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:54:17.0341 254488 TermService - ok
17:54:17.0345 254488 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:54:17.0358 254488 Themes - ok
17:54:17.0363 254488 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:54:17.0388 254488 THREADORDER - ok
17:54:17.0394 254488 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:54:17.0422 254488 TrkWks - ok
17:54:17.0431 254488 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:54:17.0456 254488 TrustedInstaller - ok
17:54:17.0460 254488 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:54:17.0486 254488 tssecsrv - ok
17:54:17.0491 254488 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:54:17.0501 254488 TsUsbFlt - ok
17:54:17.0504 254488 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:54:17.0513 254488 TsUsbGD - ok
17:54:17.0518 254488 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:54:17.0544 254488 tunnel - ok
17:54:17.0548 254488 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:54:17.0555 254488 uagp35 - ok
17:54:17.0566 254488 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:54:17.0594 254488 udfs - ok
17:54:17.0599 254488 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:54:17.0610 254488 UI0Detect - ok
17:54:17.0614 254488 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:54:17.0621 254488 uliagpkx - ok
17:54:17.0624 254488 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:54:17.0633 254488 umbus - ok
17:54:17.0636 254488 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:54:17.0645 254488 UmPass - ok
17:54:17.0653 254488 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:54:17.0665 254488 UmRdpService - ok
17:54:17.0751 254488 UNS (fdf92ec84fecee834fb10a2a0a19bcda) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:54:17.0799 254488 UNS - ok
17:54:17.0841 254488 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:54:17.0877 254488 upnphost - ok
17:54:17.0891 254488 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
17:54:17.0901 254488 usbccgp - ok
17:54:17.0907 254488 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:54:17.0918 254488 usbcir - ok
17:54:17.0923 254488 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
17:54:17.0932 254488 usbehci - ok
17:54:17.0949 254488 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
17:54:17.0962 254488 usbhub - ok
17:54:17.0966 254488 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
17:54:17.0975 254488 usbohci - ok
17:54:17.0978 254488 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
17:54:17.0990 254488 usbprint - ok
17:54:17.0996 254488 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:54:18.0005 254488 USBSTOR - ok
17:54:18.0009 254488 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:54:18.0019 254488 usbuhci - ok
17:54:18.0032 254488 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
17:54:18.0045 254488 usbvideo - ok
17:54:18.0049 254488 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:54:18.0075 254488 UxSms - ok
17:54:18.0079 254488 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:54:18.0088 254488 VaultSvc - ok
17:54:18.0092 254488 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:54:18.0099 254488 vdrvroot - ok
17:54:18.0128 254488 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:54:18.0160 254488 vds - ok
17:54:18.0164 254488 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:54:18.0175 254488 vga - ok
17:54:18.0179 254488 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:54:18.0204 254488 VgaSave - ok
17:54:18.0217 254488 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:54:18.0226 254488 vhdmp - ok
17:54:18.0229 254488 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:54:18.0235 254488 viaide - ok
17:54:18.0242 254488 Viewpoint Service (00a204be7084b214605db4d433c9a7e2) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
17:54:18.0248 254488 Viewpoint Service - ok
17:54:18.0260 254488 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:54:18.0269 254488 vmbus - ok
17:54:18.0273 254488 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:54:18.0282 254488 VMBusHID - ok
17:54:18.0288 254488 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:54:18.0295 254488 volmgr - ok
17:54:18.0325 254488 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:54:18.0356 254488 volmgrx - ok
17:54:18.0369 254488 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:54:18.0380 254488 volsnap - ok
17:54:18.0388 254488 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:54:18.0396 254488 vsmraid - ok
17:54:18.0450 254488 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:54:18.0495 254488 VSS - ok
17:54:18.0530 254488 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:54:18.0540 254488 vwifibus - ok
17:54:18.0544 254488 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:54:18.0556 254488 vwififlt - ok
17:54:18.0571 254488 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:54:18.0600 254488 W32Time - ok
17:54:18.0605 254488 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:54:18.0615 254488 WacomPen - ok
17:54:18.0621 254488 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:54:18.0646 254488 WANARP - ok
17:54:18.0648 254488 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:54:18.0672 254488 Wanarpv6 - ok
17:54:18.0723 254488 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:54:18.0749 254488 WatAdminSvc - ok
17:54:18.0826 254488 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:54:18.0878 254488 wbengine - ok
17:54:18.0934 254488 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:54:18.0964 254488 WbioSrvc - ok
17:54:18.0988 254488 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:54:19.0021 254488 wcncsvc - ok
17:54:19.0027 254488 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:54:19.0044 254488 WcsPlugInService - ok
17:54:19.0054 254488 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:54:19.0065 254488 Wd - ok
17:54:19.0102 254488 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:54:19.0128 254488 Wdf01000 - ok
17:54:19.0135 254488 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:54:19.0171 254488 WdiServiceHost - ok
17:54:19.0172 254488 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:54:19.0186 254488 WdiSystemHost - ok
17:54:19.0197 254488 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:54:19.0213 254488 WebClient - ok
17:54:19.0223 254488 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:54:19.0252 254488 Wecsvc - ok
17:54:19.0257 254488 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:54:19.0283 254488 wercplsupport - ok
17:54:19.0288 254488 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:54:19.0314 254488 WerSvc - ok
17:54:19.0320 254488 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:54:19.0344 254488 WfpLwf - ok
17:54:19.0347 254488 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:54:19.0353 254488 WIMMount - ok
17:54:19.0357 254488 WinHttpAutoProxySvc - ok
17:54:19.0369 254488 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:54:19.0396 254488 Winmgmt - ok
17:54:19.0459 254488 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:54:19.0509 254488 WinRM - ok
17:54:19.0546 254488 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:54:19.0556 254488 WinUsb - ok
17:54:19.0586 254488 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:54:19.0610 254488 Wlansvc - ok
17:54:19.0613 254488 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:54:19.0623 254488 WmiAcpi - ok
17:54:19.0638 254488 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:54:19.0651 254488 wmiApSrv - ok
17:54:19.0655 254488 WMPNetworkSvc - ok
17:54:19.0658 254488 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:54:19.0668 254488 WPCSvc - ok
17:54:19.0674 254488 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:54:19.0689 254488 WPDBusEnum - ok
17:54:19.0692 254488 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:54:19.0717 254488 ws2ifsl - ok
17:54:19.0725 254488 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:54:19.0739 254488 wscsvc - ok
17:54:19.0743 254488 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:54:19.0753 254488 WSDPrintDevice - ok
17:54:19.0755 254488 WSearch - ok
17:54:19.0880 254488 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:54:19.0958 254488 wuauserv - ok
17:54:20.0005 254488 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:54:20.0070 254488 WudfPf - ok
17:54:20.0081 254488 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:54:20.0118 254488 WUDFRd - ok
17:54:20.0124 254488 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:54:20.0150 254488 wudfsvc - ok
17:54:20.0158 254488 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:54:20.0173 254488 WwanSvc - ok
17:54:20.0179 254488 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:54:20.0336 254488 \Device\Harddisk0\DR0 - ok
17:54:20.0339 254488 Boot (0x1200) (3224dcd32d539009860277561044e5e6) \Device\Harddisk0\DR0\Partition0
17:54:20.0340 254488 \Device\Harddisk0\DR0\Partition0 - ok
17:54:20.0343 254488 Boot (0x1200) (5c01c4c958051f46804fe04705f55a78) \Device\Harddisk0\DR0\Partition1
17:54:20.0343 254488 \Device\Harddisk0\DR0\Partition1 - ok
17:54:20.0347 254488 Boot (0x1200) (6c21c1c8131db4f4188f9d90df0ddfd8) \Device\Harddisk0\DR0\Partition2
17:54:20.0347 254488 \Device\Harddisk0\DR0\Partition2 - ok
17:54:20.0351 254488 Boot (0x1200) (c5f756c5fe613934b461d33a203ca94f) \Device\Harddisk0\DR0\Partition3
17:54:20.0352 254488 \Device\Harddisk0\DR0\Partition3 - ok
17:54:20.0355 254488 Boot (0x1200) (c5f756c5fe613934b461d33a203ca94f) \Device\Harddisk0\DR0\Partition4
17:54:20.0356 254488 \Device\Harddisk0\DR0\Partition4 - ok
17:54:20.0356 254488 ============================================================
17:54:20.0356 254488 Scan finished
17:54:20.0356 254488 ============================================================
17:54:20.0364 2300 Detected object count: 1
17:54:20.0364 2300 Actual detected object count: 1
17:55:14.0903 2300 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:55:14.0904 2300 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:55:36.0854 225040 Deinitialize success

OTL Fix log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Users\ScottAndrew\AppData\Local\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U folder moved successfully.
C:\Users\ScottAndrew\AppData\Local\{57dc159f-17bb-c9fb-c936-8b986f31693a}\L folder moved successfully.
C:\Users\ScottAndrew\AppData\Local\{57dc159f-17bb-c9fb-c936-8b986f31693a} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ScottAndrew\Desktop\cmd.bat deleted successfully.
C:\Users\ScottAndrew\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: ScottAndrew
->Temp folder emptied: 61090275 bytes
->Temporary Internet Files folder emptied: 63570 bytes
->Java cache emptied: 16768 bytes
->FireFox cache emptied: 262984400 bytes
->Flash cache emptied: 3646 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 309.00 mb


OTL by OldTimer - Version 3.2.52.0 log created on 06252012_175843

Files\Folders moved on Reboot...
C:\Users\ScottAndrew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\fla63E6.tmp moved successfully.
C:\Windows\temp\fla8B8C.tmp moved successfully.
C:\Windows\temp\flaF752.tmp moved successfully.

Registry entries deleted on Reboot...

OTL Scan Log

OTL logfile created on: 6/25/2012 6:04:22 PM - Run 3
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\ScottAndrew\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 82.44% Memory free
15.82 Gb Paging File | 14.29 Gb Available in Paging File | 90.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 44.21 Gb Total Space | 2.72 Gb Free Space | 6.15% Space Free | Partition Type: NTFS
Drive E: | 67.99 Gb Total Space | 11.35 Gb Free Space | 16.69% Space Free | Partition Type: HFS

Computer Name: SCOTTANDREW-PC | User Name: ScottAndrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 22:18:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/06/23 22:18:00 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/06/23 22:18:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/06/22 21:48:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ScottAndrew\Desktop\OTL.exe
PRC - [2012/06/14 17:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/10 04:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/06/13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/06/13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 17:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/23 02:07:39 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/06/29 07:49:38 | 000,111,488 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV:64bit: - [2011/06/29 07:49:36 | 000,224,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2011/06/13 18:34:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/03 05:00:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/23 22:18:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/06/23 22:18:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/06/14 17:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/06/13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/23 22:18:01 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/06/23 22:18:01 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/11/29 21:09:21 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/29 07:49:44 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2011/06/29 07:49:44 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2011/06/29 07:49:42 | 000,022,872 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2011/06/29 07:49:42 | 000,017,752 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2011/06/13 18:37:15 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2011/06/13 18:37:12 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter)
DRV:64bit: - [2011/06/13 18:37:07 | 004,798,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/06/13 18:37:06 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011/06/13 18:34:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/13 18:34:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/26 21:13:25 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2011/03/25 03:32:04 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV:64bit: - [2011/03/25 03:31:56 | 000,038,912 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2011/03/25 03:31:56 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2011/03/25 03:31:33 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV:64bit: - [2011/02/14 08:19:30 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2230358728-1914598529-2984429319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2230358728-1914598529-2984429319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2230358728-1914598529-2984429319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 74 96 FD 20 F5 CC 01 [binary data]
IE - HKU\S-1-5-21-2230358728-1914598529-2984429319-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2230358728-1914598529-2984429319-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2230358728-1914598529-2984429319-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/22 20:18:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/23 01:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Extensions
[2012/06/22 19:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\extensions
[2012/06/04 00:47:22 | 000,000,000 | ---D | M] (Manilla) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\extensions\{B9A5DFD3-99A9-465d-87B0-A6922A7AFCD7}
[2012/05/22 21:44:37 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\extensions\[email protected]
[2012/06/22 20:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/15 23:13:12 | 000,019,486 | ---- | M] () (No name found) -- C:\USERS\SCOTTANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B8Z6EFTV.DEFAULT\EXTENSIONS\[email protected]
[2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/23 18:49:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-2230358728-1914598529-2984429319-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2230358728-1914598529-2984429319-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2230358728-1914598529-2984429319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A1AAAE0-4A88-4416-95E8-D27F1229876C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE63949E-13F7-410B-A926-2F3273D2B934}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 17:59:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/25 17:51:41 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ScottAndrew\Desktop\tdsskiller.exe
[2012/06/24 22:38:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\ScottAndrew\Desktop\aswMBR.exe
[2012/06/24 12:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/24 12:47:47 | 002,322,184 | ---- | C] (ESET) -- C:\Users\ScottAndrew\Desktop\esetsmartinstaller_enu.exe
[2012/06/24 12:42:59 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ScottAndrew\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/24 12:39:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/23 18:47:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/23 18:47:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/23 18:47:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/23 18:43:31 | 004,565,820 | R--- | C] (Swearware) -- C:\Users\ScottAndrew\Desktop\ComboFix.exe
[2012/06/23 18:29:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/23 18:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012/06/22 21:48:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ScottAndrew\Desktop\OTL.exe
[2012/06/22 21:05:37 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Avira
[2012/06/22 21:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/22 21:00:23 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/06/22 21:00:23 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/06/22 21:00:23 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/06/22 21:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/22 21:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/22 20:32:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 20:32:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 20:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/22 20:12:49 | 000,543,024 | ---- | C] (Microsoft Corporation) -- C:\Users\ScottAndrew\Desktop\IE9-Windows7-x64-enu.exe
[2012/06/21 22:38:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/06/21 17:40:00 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 17:40:00 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 17:40:00 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 17:39:59 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 17:39:59 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 17:39:59 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 17:39:57 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 17:39:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/21 17:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/21 17:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/21 17:33:44 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Malwarebytes
[2012/06/21 17:33:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/21 17:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/21 17:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/21 17:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/19 22:12:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/17 13:02:27 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/17 13:02:27 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/17 13:02:27 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/17 13:02:25 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/17 13:02:25 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/17 13:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/11 00:40:38 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Desktop\cutting board
[2012/05/28 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Polar Engineering
[2012/05/28 21:35:05 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/28 21:31:38 | 000,145,448 | ---- | C] (SafeNet, Inc.) -- C:\Windows\SysNative\drivers\sentinel64.sys
[2012/05/28 21:31:35 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Documents\Downloaded Installations
[2012/05/28 21:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinWrap Basic v10 - For COM (x64) NET 4.0 Utility
[2012/05/28 21:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Polar Engineering
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delcam
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Delcam
[2012/05/28 21:30:42 | 000,000,000 | ---D | C] -- C:\dcam
[2012/05/28 21:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Delcam
[2012/05/28 21:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\FeatureCAM
[2012/05/28 21:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Delcam
[2012/05/28 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Desktop\FeatureCAM_2012_R3_SP0_64bit
[2012/05/28 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\AppData\Roaming\Nico Mak Computing
[2012/05/28 19:22:36 | 000,018,760 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe
[2012/05/28 11:41:42 | 000,000,000 | ---D | C] -- C:\Users\ScottAndrew\Desktop\FONTS
[2012/05/28 11:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\[bleep] NFO Viewer

========== Files - Modified Within 30 Days ==========

[2012/06/25 18:05:07 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 18:05:07 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 18:05:07 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 18:00:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 18:00:21 | 2077,282,303 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 17:52:33 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ScottAndrew\Desktop\tdsskiller.exe
[2012/06/25 09:21:53 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 09:21:53 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 22:49:40 | 000,000,512 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\MBR.dat
[2012/06/24 22:39:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\ScottAndrew\Desktop\aswMBR.exe
[2012/06/24 12:47:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\ScottAndrew\Desktop\esetsmartinstaller_enu.exe
[2012/06/24 12:43:44 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/24 12:43:03 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ScottAndrew\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/23 22:18:01 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/06/23 22:18:01 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/06/23 18:49:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/23 18:43:46 | 004,565,820 | R--- | M] (Swearware) -- C:\Users\ScottAndrew\Desktop\ComboFix.exe
[2012/06/22 21:48:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ScottAndrew\Desktop\OTL.exe
[2012/06/22 21:00:25 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/22 20:18:08 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/22 20:12:49 | 000,543,024 | ---- | M] (Microsoft Corporation) -- C:\Users\ScottAndrew\Desktop\IE9-Windows7-x64-enu.exe
[2012/06/21 17:39:28 | 000,001,270 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\Spybot - Search & Destroy.lnk
[2012/06/17 13:02:23 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/17 13:02:23 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/17 13:02:23 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/17 13:02:23 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/17 13:02:23 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/09 19:51:57 | 000,047,062 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\sink.jpg
[2012/06/09 19:41:09 | 000,052,605 | ---- | M] () -- C:\Users\ScottAndrew\Desktop\sink.pdf
[2012/06/02 17:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 17:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 17:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 17:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 17:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 17:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/05/28 21:38:21 | 000,000,109 | -H-- | M] () -- C:\Windows\EZFM_ui.INI
[2012/05/28 21:35:05 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/28 21:35:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/28 21:32:00 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\PAFWizard 2012 (64-bit).lnk
[2012/05/28 21:30:42 | 000,001,703 | ---- | M] () -- C:\Users\Public\Desktop\FeatureCAM (64-bit).lnk

========== Files Created - No Company Name ==========

[2012/06/24 22:49:40 | 000,000,512 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\MBR.dat
[2012/06/24 14:42:11 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\00000008.@
[2012/06/24 14:42:10 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000032.@
[2012/06/24 14:42:10 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000064.@
[2012/06/24 14:42:10 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000000.@
[2012/06/24 14:42:10 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\L\00000004.@
[2012/06/24 14:41:13 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\00000004.@
[2012/06/24 14:41:13 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\000000cb.@
[2012/06/23 18:47:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/23 18:47:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/23 18:47:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/23 18:47:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/23 18:47:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 21:00:25 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/22 20:18:08 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/22 20:18:08 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/21 17:39:28 | 000,001,270 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\Spybot - Search & Destroy.lnk
[2012/06/21 17:33:41 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 19:51:57 | 000,047,062 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\sink.jpg
[2012/06/09 19:41:09 | 000,052,605 | ---- | C] () -- C:\Users\ScottAndrew\Desktop\sink.pdf
[2012/05/28 21:38:21 | 000,000,109 | -H-- | C] () -- C:\Windows\EZFM_ui.INI
[2012/05/28 21:32:00 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\PAFWizard 2012 (64-bit).lnk
[2012/05/28 21:30:42 | 000,001,703 | ---- | C] () -- C:\Users\Public\Desktop\FeatureCAM (64-bit).lnk
[2011/10/23 09:38:47 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/10/23 02:03:24 | 000,772,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/22 23:05:53 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/22 23:04:14 | 000,014,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/10/22 23:01:49 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/23 04:46:38 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2010/11/20 22:23:51 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\@

< End of report >




I seem to not be getting any redirects right now. Thanks a lot for your help.

If this problem shows up again, should I just continue this thread or start a new one?

What anti-virus / malware / spyware program(s) do you suggest?
#13
scottandrew10

    New Member

  • Topic Starter
  • Member
  • 8 posts
I am still getting a few redirects. Now it's happening when I go to click on a link, except now it starts a new tab in my browser and sends it to a random website. The weird thing is that it opens the new tab from me just "mousing" over the link before I actually click on it.
#14
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
The infection has re-appeared. You can continue in this thread but if the topic becomes closed just message me and I can get my tutor to re-open it.


Step 1

Re-run ComboFix and allow it to update.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 2

The article here suggests some very good AVs and anti-malware programs which are free.
Personally, I use Microsoft Security Essentials because I like the simple interface and it doesn't affect system performance. I also use MBAM and SpywareBlaster.
However, don't go overboard on these types of programs because they can cause slowness in computer speed, conflicts and more vulnerability to infection.


Things I want to see in your next reply

  • ComboFix.txt

#15
scottandrew10

    New Member

  • Topic Starter
  • Member
  • 8 posts
ComboFix 12-06-23.05 - ScottAndrew 06/26/2012 17:39:52.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8103.6741 [GMT -5:00]
Running from: c:\users\ScottAndrew\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\L\00000004.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\L\201d3dde
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\n
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\00000004.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\00000008.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\000000cb.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000000.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000032.@
c:\windows\Installer\{57dc159f-17bb-c9fb-c936-8b986f31693a}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 22:41 . 2012-06-26 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 17:47 . 2012-06-24 17:47 -------- d-----w- c:\program files (x86)\ESET
2012-06-23 23:29 . 2012-06-23 23:29 -------- d-----w- C:\_OTL
2012-06-23 23:25 . 2012-06-23 23:25 -------- d-----w- c:\program files\Microsoft Games
2012-06-23 02:05 . 2012-06-23 02:05 -------- d-----w- c:\users\ScottAndrew\AppData\Roaming\Avira
2012-06-23 02:00 . 2012-06-24 03:18 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-23 02:00 . 2012-06-24 03:18 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-23 02:00 . 2011-09-16 21:09 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-23 02:00 . 2012-06-23 02:00 -------- d-----w- c:\programdata\Avira
2012-06-23 02:00 . 2012-06-23 02:00 -------- d-----w- c:\program files (x86)\Avira
2012-06-22 03:38 . 2012-06-22 03:38 -------- d-----w- c:\windows\system32\appmgmt
2012-06-21 22:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 22:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 22:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 22:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 22:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 22:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:39 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 22:39 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 22:39 . 2012-06-21 22:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-21 22:39 . 2012-06-21 22:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-21 22:33 . 2012-06-21 22:33 -------- d-----w- c:\users\ScottAndrew\AppData\Roaming\Malwarebytes
2012-06-21 22:33 . 2012-06-24 17:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-21 22:33 . 2012-06-21 22:33 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 22:33 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 03:12 . 2012-06-20 03:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-19 22:02 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AE1699C-E3CF-40FE-BBAB-D0AB03F664C9}\mpengine.dll
2012-06-17 18:02 . 2012-06-17 18:02 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-17 18:02 . 2012-06-17 18:02 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-17 18:02 . 2012-06-17 18:02 -------- d-----w- c:\program files\Java
2012-05-29 02:38 . 2012-05-29 02:38 -------- d-----w- c:\users\ScottAndrew\AppData\Roaming\Polar Engineering
2012-05-29 02:35 . 2012-05-29 02:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-29 02:31 . 2009-09-17 12:05 145448 ----a-w- c:\windows\system32\drivers\sentinel64.sys
2012-05-29 02:30 . 2012-05-29 02:30 -------- d-----w- c:\program files\Polar Engineering
2012-05-29 02:30 . 2012-05-29 02:31 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2012-05-29 02:30 . 2012-05-29 02:30 -------- d-----w- c:\program files (x86)\Common Files\Delcam
2012-05-29 02:30 . 2012-05-29 02:30 -------- d-----w- C:\dcam
2012-05-29 02:30 . 2012-05-29 02:31 -------- d-----w- c:\program files\Common Files\Delcam
2012-05-29 02:30 . 2012-05-29 02:37 -------- d-----w- c:\programdata\FeatureCAM
2012-05-29 02:30 . 2012-05-29 02:31 -------- d-----w- c:\program files\Delcam
2012-05-29 00:22 . 2012-06-17 00:47 -------- d-----w- c:\users\ScottAndrew\AppData\Roaming\Nico Mak Computing
2012-05-29 00:22 . 2011-11-10 15:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-05-28 16:36 . 2012-05-28 16:36 -------- d-----w- c:\program files (x86)\[bleep] NFO Viewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 02:35 . 2011-10-30 21:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_23.50.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-20 03:12 . 2012-06-25 17:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-06-20 03:12 . 2012-06-23 22:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-06-25 05:36 . 2012-06-25 22:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012062520120626\index.dat
+ 2012-06-25 05:36 . 2012-06-25 05:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012061820120625\index.dat
- 2012-06-20 03:12 . 2012-06-23 23:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-06-20 03:12 . 2012-06-25 22:51 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-06-20 03:12 . 2012-06-25 22:51 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2012-06-20 03:12 . 2012-06-23 23:20 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2010-11-21 03:09 . 2012-06-23 23:51 29198 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-26 22:39 30704 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-23 10:38 . 2012-06-26 15:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 10:38 . 2012-06-23 23:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-26 15:11 . 2012-06-26 15:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-23 10:38 . 2012-06-23 23:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-26 15:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-23 23:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-23 05:58 . 2012-06-23 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-23 05:58 . 2012-06-26 22:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 05:58 . 2012-06-23 23:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-23 05:58 . 2012-06-26 22:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-23 05:58 . 2012-06-23 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 05:58 . 2012-06-26 22:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-23 05:58 . 2012-06-23 23:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-23 05:58 . 2012-06-26 22:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 05:58 . 2012-06-23 23:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 05:58 . 2012-06-26 22:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 04:07 . 2012-06-26 22:39 3074 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2230358728-1914598529-2984429319-1000_UserData.bin
- 2012-06-23 23:50 . 2012-06-23 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-27 03:43 . 2012-06-27 03:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-06-25 22:51 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-24 21:13 . 2012-06-26 22:23 317952 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-23 23:35 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-25 23:05 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-25 23:05 121214 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-23 23:35 121214 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-06-25 14:17 112640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-06-26 22:41 299996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-23 23:49 299996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-06-23 23:20 3080192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-25 22:51 3080192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-25 22:51 1671168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 14:59 . 2012-06-26 22:37 44545256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2230358728-1914598529-2984429319-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-06-24 348624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe [2011-7-23 128000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-06-13 2655768]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-23 1431888]
R3 libusb0;PlanetCNC - Kernel Driver 02.14.2011 1.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-24 86224]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [x]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2011-06-03 848184]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Service;Viewpoint Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [x]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [x]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [x]
S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [x]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\ScottAndrew\AppData\Roaming\Mozilla\Firefox\Profiles\b8z6eftv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2012-06-26 17:44:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 22:44
ComboFix2.txt 2012-06-24 17:39
ComboFix3.txt 2012-06-23 23:52
.
Pre-Run: 2,531,082,240 bytes free
Post-Run: 2,448,965,632 bytes free
.
- - End Of File - - E85CA1438CB0576B14BC4FFC73AB1C76