TechSpot

Another Sirefef/ZeroAccess infection

Solved
By asimperson
Jul 8, 2012
  1. Hi all,

    I seem to have gotten bit by this as well, despite using MSE and other tools I still haven't been able to completely get rid of the infection. I did consider doing a System Restore to a point before the infection but that doesn't seem to get recommended a whole lot so I haven't done it.

    What I've done for now is run FRST, and these are the results:
    Scan result of Farbar Recovery Scan Tool Version: 08-07-2012
    Ran by SYSTEM at 08-07-2012 15:09:21
    Running from J:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-29] (Adobe Systems Incorporated)
    HKLM\...\Run: [TortoiseHgOverlayIconServer] E:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe [x]
    HKLM\...\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart [980368 2011-11-05] (The Eraser Project)
    HKLM\...\Run: [boincmgr] "E:\Program Files\BOINC\boincmgr.exe" /a /s [x]
    HKLM\...\Run: [boinctray] "E:\Program Files\BOINC\boinctray.exe" [x]
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
    HKLM-x32\...\Run: [BCSSync] "E:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [THX Audio Control Panel] "E:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r [x]
    HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe" [x]
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKU\asim\...\Run: [TomTomHOME.exe] "e:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s [x]
    HKU\asim\...\Run: [Google Update] "C:\Users\asim\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-30] (Google Inc.)
    HKU\asim\...\Run: [ASRockXTU] [x]
    HKU\asim\...\Run: [OfficeSyncProcess] "E:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [x]
    HKU\asim\...\Run: [Steam] "E:\Steam\Steam.exe" -silent [x]
    HKU\asim\...\Run: [Koodv] C:\Users\asim\AppData\Roaming\Ymafuw\keiq.exe [421888 2012-04-10] ()
    HKU\asim\...\Run: [wseto] "C:\Windows\System32\rundll32.exe" "C:\Users\asim\AppData\Roaming\wseto.dll",TypeToAdsTypeDNWithString [375808 2012-07-07] (Dogbert)
    HKU\asim\...\Policies\system: [DisableLockWorkstation] 0
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1082440 2012-04-04] (Malwarebytes Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
    ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
    Startup: C:\Users\asim\Start Menu\Programs\Startup\FreePOPs.lnk
    ShortcutTarget: FreePOPs.lnk -> C:\Program Files (x86)\FreePOPs\freepopsd.exe ()
    Startup: C:\Users\asim\Start Menu\Programs\Startup\pagent.lnk
    ShortcutTarget: pagent.lnk -> C:\windows\system32\config\systemprofile\Desktop\sshkeys\pageant.exe (No File)
    Startup: C:\Users\asim\Start Menu\Programs\Startup\Password Safe.lnk
    ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)

    ==================== Services (Whitelisted) ======

    2 APC Data Service; "C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe" [21880 2010-09-14] (American Power Conversion Corporation)
    2 APC UPS Service; "C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe" [705912 2010-09-14] (American Power Conversion Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 AdobeActiveFileMonitor9.0; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
    3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice [x]
    2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]

    ========================== Drivers (Whitelisted) =============

    3 BazisVirtualCDBus; C:\Windows\System32\Drivers\BazisVirtualCDBus.sys [198480 2011-08-08] (SysProgs.org)
    0 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [302120 2010-09-30] (Marvell Semiconductor, Inc.)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-07 12:07 - 2012-07-07 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F8CCFB3BBDC3120
    2012-07-07 12:04 - 2012-07-07 12:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.452CEDDFB472FFA5
    2012-07-07 12:02 - 2012-07-07 12:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBA9A7DD8E2D21F6
    2012-07-07 04:59 - 2012-07-07 04:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28C7AFDF4A6B032F
    2012-07-07 04:56 - 2012-07-07 04:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D8756818028673E
    2012-07-07 04:55 - 2012-07-07 04:55 - 00000000 ____D C:\Users\asim\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-07 04:53 - 2012-07-07 04:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.210092B5F4929FD1
    2012-07-07 04:50 - 2012-07-07 04:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.77D8D2FCF29EF135
    2012-07-07 04:50 - 2012-07-07 04:50 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-07-07 04:50 - 2012-07-07 04:50 - 00000000 ____D C:\Users\All Users\SUPERSetup
    2012-07-07 04:50 - 2012-07-07 04:50 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-07-07 04:50 - 2012-07-07 04:50 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-07-07 04:49 - 2012-07-07 04:49 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\11712296.sys
    2012-07-07 04:47 - 2012-07-07 04:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.538C2617149635E5
    2012-07-07 04:44 - 2012-07-07 04:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78879EDBFCA7CE8D
    2012-07-07 04:39 - 2012-07-07 04:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.835E6C898369C506
    2012-07-07 04:39 - 2012-07-07 04:39 - 00176940 ____A C:\Users\asim\Downloads\BFE.reg
    2012-07-07 04:38 - 2012-07-07 04:38 - 00006396 ____A C:\Users\asim\Downloads\MpsSvc.reg
    2012-07-07 04:37 - 2012-07-07 04:37 - 00007586 ____A C:\Users\asim\Downloads\WinDefend.reg
    2012-07-07 04:36 - 2012-07-07 04:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-07 04:36 - 2012-07-07 04:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-07 04:19 - 2012-07-07 04:19 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-07 04:19 - 2012-07-07 04:19 - 00000000 ____D C:\Users\asim\AppData\Roaming\Malwarebytes
    2012-07-07 04:19 - 2012-07-07 04:19 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-07 04:19 - 2012-07-07 04:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-07 04:19 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-07 04:18 - 2012-07-07 04:19 - 10063024 ____A (Malwarebytes Corporation ) C:\Users\asim\Downloads\mbam-setup.exe
    2012-07-07 04:13 - 2012-07-07 04:13 - 00457632 ____A (Bleeping Computer, LLC) C:\FixExec.com
    2012-07-07 04:13 - 2012-07-07 04:13 - 00001238 ____A C:\Users\asim\Desktop\FixExec.txt
    2012-07-07 04:13 - 2012-07-07 04:13 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-07 03:57 - 2012-07-07 03:57 - 00000000 ____D C:\Users\asim\AppData\Local\{D5C3F5E5-C82A-11E1-8270-B8AC6F996F26}
    2012-07-07 03:56 - 2012-07-07 03:56 - 00375808 ____A (Dogbert) C:\Users\asim\AppData\Roaming\wseto.dll
    2012-07-07 03:56 - 2012-07-07 03:56 - 00000000 ____D C:\Users\asim\AppData\Local\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}
    2012-07-07 03:55 - 2012-07-07 04:28 - 00000000 ____D C:\Users\asim\AppData\Roaming\Saepy
    2012-07-07 03:55 - 2012-07-07 04:24 - 00000000 ____D C:\Users\asim\AppData\Local\PlatformUserServices
    2012-07-07 03:55 - 2012-07-07 03:55 - 00000000 ____D C:\Users\asim\AppData\Roaming\Ymafuw
    2012-07-07 03:55 - 2012-07-07 03:55 - 00000000 ____D C:\Users\asim\AppData\Roaming\Udmex
    2012-07-07 03:55 - 2012-07-07 03:55 - 00000000 ____D C:\Users\All Users\B7E858A700008F5E000369D2B4EB2331
    2012-07-03 21:05 - 2012-07-03 21:05 - 00000000 ____D C:\Users\All Users\ATI
    2012-07-03 21:05 - 2012-07-03 21:05 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-07-03 21:00 - 2012-07-03 21:00 - 00000000 ____D C:\AMD
    2012-06-25 20:03 - 2012-06-25 20:03 - 00000000 ____D C:\Users\asim\Documents\SavedGames
    2012-06-25 20:03 - 2012-06-25 20:03 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
    2012-06-20 20:48 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-20 20:48 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-20 20:48 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-20 20:48 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-20 20:48 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-20 20:48 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-20 20:48 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-20 20:48 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-20 20:48 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-19 03:59 - 2012-06-19 03:59 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-06-19 03:59 - 2012-06-19 03:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-18 20:33 - 2012-06-18 20:39 - 60429312 ____A C:\Users\asim\Downloads\graphviz-2.28.0.msi
    2012-06-13 00:31 - 2012-06-13 00:31 - 00000000 ____D C:\Users\asim\AppData\Local\Macromedia
    2012-06-12 22:48 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-12 22:48 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-12 22:48 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-12 22:48 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-12 22:48 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-12 22:48 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-12 22:48 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-12 22:48 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-12 22:48 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-12 22:48 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-12 22:48 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-12 22:48 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-12 22:48 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-12 22:48 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-12 22:48 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-12 22:48 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-12 22:48 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-12 22:48 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-12 22:48 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-12 22:48 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-12 22:48 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-12 22:48 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-12 22:48 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-12 22:48 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-12 22:48 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-12 22:48 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-12 22:48 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-12 22:48 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-12 22:48 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-12 22:48 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-12 22:48 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-12 22:48 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-12 22:48 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-12 22:48 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-12 22:47 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 22:47 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 22:47 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-06-12 22:47 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 22:47 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 22:47 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-06-12 22:47 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-12 22:47 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-12 22:47 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 22:47 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 22:47 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 22:47 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-12 22:47 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-11 23:32 - 2012-06-11 23:32 - 00001573 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-11 23:32 - 2012-06-11 23:32 - 00000000 ____D C:\Program Files\iTunes
    2012-06-11 23:32 - 2012-06-11 23:32 - 00000000 ____D C:\Program Files\iPod
    2012-06-11 12:50 - 2012-06-11 12:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 12:50 - 2012-06-11 12:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-06-11 12:49 - 2012-06-11 12:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
    2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
    2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
    2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll


    ============ 3 Months Modified Files ========================

    2012-07-07 12:13 - 2009-07-13 21:13 - 00782568 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-07 12:07 - 2012-07-07 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F8CCFB3BBDC3120
    2012-07-07 12:06 - 2011-05-31 01:48 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-07 12:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-07 12:05 - 2009-07-13 20:51 - 00042333 ____A C:\Windows\setupact.log
    2012-07-07 12:04 - 2012-07-07 12:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.452CEDDFB472FFA5
    2012-07-07 12:02 - 2012-07-07 12:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBA9A7DD8E2D21F6
    2012-07-07 11:58 - 2010-11-20 19:47 - 00049286 ____A C:\Windows\PFRO.log
    2012-07-07 05:02 - 2011-05-26 17:25 - 02019851 ____A C:\Windows\WindowsUpdate.log
    2012-07-07 04:59 - 2012-07-07 04:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28C7AFDF4A6B032F
    2012-07-07 04:56 - 2012-07-07 04:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D8756818028673E
    2012-07-07 04:56 - 2011-05-30 20:25 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1299077805-4049216064-1238344601-1000UA.job
    2012-07-07 04:53 - 2012-07-07 04:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.210092B5F4929FD1
    2012-07-07 04:50 - 2012-07-07 04:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.77D8D2FCF29EF135
    2012-07-07 04:50 - 2012-07-07 04:50 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-07-07 04:49 - 2012-07-07 04:49 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\11712296.sys
    2012-07-07 04:47 - 2012-07-07 04:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.538C2617149635E5
    2012-07-07 04:44 - 2012-07-07 04:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78879EDBFCA7CE8D
    2012-07-07 04:39 - 2012-07-07 04:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.835E6C898369C506
    2012-07-07 04:39 - 2012-07-07 04:39 - 00176940 ____A C:\Users\asim\Downloads\BFE.reg
    2012-07-07 04:38 - 2012-07-07 04:38 - 00006396 ____A C:\Users\asim\Downloads\MpsSvc.reg
    2012-07-07 04:37 - 2012-07-07 04:37 - 00007586 ____A C:\Users\asim\Downloads\WinDefend.reg
    2012-07-07 04:36 - 2011-05-26 20:09 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-07 04:36 - 2011-05-26 20:08 - 00798480 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-07 04:35 - 2011-05-26 20:08 - 12621696 ____A (Microsoft Corporation) C:\Users\asim\Downloads\mseinstall.exe
    2012-07-07 04:35 - 2009-07-13 20:45 - 00022208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-07 04:35 - 2009-07-13 20:45 - 00022208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-07 04:19 - 2012-07-07 04:19 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-07 04:19 - 2012-07-07 04:18 - 10063024 ____A (Malwarebytes Corporation ) C:\Users\asim\Downloads\mbam-setup.exe
    2012-07-07 04:13 - 2012-07-07 04:13 - 00457632 ____A (Bleeping Computer, LLC) C:\FixExec.com
    2012-07-07 04:13 - 2012-07-07 04:13 - 00001238 ____A C:\Users\asim\Desktop\FixExec.txt
    2012-07-07 03:56 - 2012-07-07 03:56 - 00375808 ____A (Dogbert) C:\Users\asim\AppData\Roaming\wseto.dll
    2012-07-07 03:22 - 2011-05-27 23:49 - 00000600 ____A C:\Users\asim\AppData\Roaming\winscp.rnd
    2012-07-07 03:18 - 2011-05-31 01:48 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-05 18:56 - 2011-05-30 20:25 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1299077805-4049216064-1238344601-1000Core.job
    2012-07-03 19:19 - 2012-04-03 00:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-03 19:19 - 2011-05-26 23:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-29 19:57 - 2011-05-30 20:25 - 00002395 ____A C:\Users\asim\Desktop\Google Chrome.lnk
    2012-06-26 10:55 - 2012-03-15 20:14 - 00000891 ____A C:\Users\Public\Desktop\Mass Effect 3.lnk
    2012-06-26 10:55 - 2011-05-28 00:16 - 00246624 ____A C:\Windows\DirectX.log
    2012-06-24 21:38 - 2011-05-30 14:08 - 00000600 ____A C:\Users\asim\AppData\Local\PUTTY.RND
    2012-06-18 20:39 - 2012-06-18 20:33 - 60429312 ____A C:\Users\asim\Downloads\graphviz-2.28.0.msi
    2012-06-12 23:11 - 2009-07-13 20:45 - 00424824 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-12 22:51 - 2011-05-26 17:56 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-11 23:32 - 2012-06-11 23:32 - 00001573 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-11 12:50 - 2012-06-11 12:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 12:50 - 2012-06-11 12:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-06-11 12:49 - 2012-06-11 12:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
    2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
    2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-06-11 09:24 - 2011-04-19 18:09 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-06-11 09:23 - 2011-04-19 18:07 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-06-11 09:16 - 2012-02-14 19:07 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-06-11 09:01 - 2011-04-19 17:49 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
    2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-06-11 08:45 - 2011-04-19 17:46 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-06-11 08:45 - 2011-04-19 17:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-06-11 08:45 - 2011-04-19 17:38 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-06-11 08:43 - 2011-04-19 17:30 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-06-11 08:27 - 2011-07-07 18:47 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-06-11 08:26 - 2011-04-19 17:22 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-06-11 08:25 - 2012-02-14 18:12 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-06-11 08:25 - 2011-04-19 17:21 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-06-11 08:24 - 2011-04-19 17:21 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-06-02 14:19 - 2012-06-20 20:48 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-20 20:48 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-20 20:48 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-20 20:48 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-20 20:48 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-20 20:48 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-20 20:48 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-20 20:48 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-20 20:48 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-31 03:11 - 2012-05-31 03:11 - 00000794 ____A C:\Users\asim\Desktop\new text document.txt
    2012-05-31 03:07 - 2012-05-31 03:07 - 03466248 ____A (TrueCrypt Foundation) C:\Users\asim\Downloads\TrueCrypt Setup 7.1a.exe
    2012-05-31 03:07 - 2011-05-28 15:49 - 00231376 ____A (TrueCrypt Foundation) C:\Windows\System32\Drivers\truecrypt.sys
    2012-05-21 11:55 - 2012-05-21 11:55 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-05-20 21:43 - 2012-05-20 21:43 - 00000218 ____A C:\Users\asim\.recently-used.xbel
    2012-05-20 19:04 - 2012-05-20 19:04 - 00000932 ____A C:\Users\asim\asoiaf_2012-05-20.gpkg
    2012-05-17 18:47 - 2012-06-12 22:48 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-12 22:48 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-12 22:48 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-12 22:48 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-12 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-12 22:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-12 22:48 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-12 22:48 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-12 22:48 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-12 22:48 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-12 22:48 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-12 22:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-12 22:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-12 22:48 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-12 22:48 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-12 22:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-12 22:48 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-12 22:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-12 22:48 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-12 22:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-12 22:48 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-12 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-12 22:48 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-12 22:48 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-12 22:48 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-12 22:48 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-12 22:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-12 22:48 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-16 02:07 - 2012-05-16 02:07 - 02427820 ____A (Ilan Shemes ) C:\Users\asim\Downloads\GrabIt172b6.exe
    2012-05-14 17:32 - 2012-06-12 22:47 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-11 01:41 - 2012-05-11 01:41 - 00000779 ____A C:\Users\Public\Desktop\OpenNX.lnk
    2012-05-11 01:39 - 2012-05-11 01:39 - 14299990 ____A (The OpenNX Team ) C:\Users\asim\Downloads\OpenNX-0.16.0.708-Setup.exe
    2012-05-11 01:37 - 2012-01-31 03:35 - 00000150 ____A C:\Users\asim\.Xauthority
    2012-05-10 02:02 - 2011-05-30 22:12 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2012-05-10 02:02 - 2011-05-30 22:12 - 00000831 ____A C:\Windows\LkmdfCoInst.log
    2012-05-10 02:02 - 2011-05-30 22:11 - 00016392 ____A C:\Windows\LDPINST.LOG
    2012-05-10 02:01 - 2012-05-10 02:01 - 27941800 ____A (Logitech Inc.) C:\Users\asim\Downloads\setpoint632_x64.exe
    2012-05-09 01:05 - 2012-05-09 01:05 - 00000523 ____A C:\Users\Public\Desktop\Cygwin Terminal.lnk
    2012-05-09 01:02 - 2011-07-19 19:59 - 00705053 ____A C:\Users\asim\Downloads\setup.exe
    2012-05-08 22:27 - 2012-05-08 22:26 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\asim\Downloads\12-4_vista_win7_64_dd_ccc.exe
    2012-05-05 22:46 - 2011-06-09 01:08 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-05-04 03:06 - 2012-06-12 22:47 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 03:00 - 2012-06-12 22:47 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 02:03 - 2012-06-12 22:47 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 22:47 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 01:59 - 2012-06-12 22:47 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-04-30 21:40 - 2012-06-12 22:47 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:55 - 2012-06-12 22:47 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 23:50 - 2012-04-26 23:50 - 00275008 ____A C:\Windows\Minidump\042712-25022-01.dmp
    2012-04-26 23:48 - 2012-04-26 23:48 - 00831496 ____A (SysProgs.org) C:\Users\asim\Downloads\WinCDEmu-3.6.exe
    2012-04-26 01:02 - 2012-04-06 03:14 - 00000735 ____A C:\Users\asim\Desktop\may-june2012 flights.txt
    2012-04-25 21:41 - 2012-06-12 22:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 22:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 22:47 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-12 22:48 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-12 22:48 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-12 22:48 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-12 22:48 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-12 22:48 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-12 22:48 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2012-04-15 15:46 - 2011-05-26 17:57 - 00002009 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    2012-04-15 15:45 - 2012-04-15 15:45 - 17597976 ____A (Mozilla) C:\Users\asim\Desktop\Thunderbird Setup 12.0b4.exe
    2012-04-14 16:57 - 2012-04-14 16:57 - 09267640 ____A (Space Sciences Laboratory, U.C. Berkeley) C:\Users\asim\Desktop\boinc_7.0.25_windows_x86_64.exe
    2012-04-12 11:30 - 2012-04-12 11:30 - 00637743 ____A C:\Windows\System32\atiicdxx.dat

    ZeroAccess:
    C:\Windows\Installer\{b403175c-6a0a-aa8f-bd99-9defd15943df}
    C:\Windows\Installer\{b403175c-6a0a-aa8f-bd99-9defd15943df}\7
    C:\Windows\Installer\{b403175c-6a0a-aa8f-bd99-9defd15943df}\@
    C:\Windows\Installer\{b403175c-6a0a-aa8f-bd99-9defd15943df}\L

    ZeroAccess:
    C:\Users\asim\AppData\Local\{b403175c-6a0a-aa8f-bd99-9defd15943df}
    C:\Users\asim\AppData\Local\{b403175c-6a0a-aa8f-bd99-9defd15943df}\@
    C:\Users\asim\AppData\Local\{b403175c-6a0a-aa8f-bd99-9defd15943df}\L
    C:\Users\asim\AppData\Local\{b403175c-6a0a-aa8f-bd99-9defd15943df}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 7%
    Total physical RAM: 16366.62 MB
    Available physical RAM: 15165.38 MB
    Total Pagefile: 16364.82 MB
    Available Pagefile: 15163.05 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:111.69 GB) (Free:10.15 GB) NTFS
    2 Drive d: (Backup) (Fixed) (Total:223 GB) (Free:57.45 GB) NTFS
    3 Drive e: (stuff) (Fixed) (Total:857.47 GB) (Free:684.25 GB) NTFS
    4 Drive f: (media) (Fixed) (Total:857.47 GB) (Free:284.79 GB) NTFS
    5 Drive g: (stuff2) (Fixed) (Total:856.46 GB) (Free:434.56 GB) NTFS
    6 Drive I: (MassEffect2) (CDROM) (Total:2.68 GB) (Free:0 GB) UDF
    7 Drive j: (USBSTICK) (Removable) (Total:0.12 GB) (Free:0.09 GB) FAT
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 111 GB 0 B
    Disk 1 Online 2794 GB 1024 KB *
    Disk 2 Online 124 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 111 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 111 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Reserved 128 MB 17 KB
    Partition 2 Primary 223 GB 129 MB
    Partition 3 Primary 857 GB 223 GB
    Partition 4 Primary 857 GB 1080 GB
    Partition 5 Primary 856 GB 1938 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
    Hidden : Yes
    Required: No
    Attrib : 0000000000000000

    There is no volume associated with this partition.

    ==================================================================================

    Disk: 1
    Partition 2
    Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Hidden : No
    Required: No
    Attrib : 0000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D Backup NTFS Partition 223 GB Healthy

    ==================================================================================

    Disk: 1
    Partition 3
    Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Hidden : No
    Required: No
    Attrib : 0000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E stuff NTFS Partition 857 GB Healthy

    ==================================================================================

    Disk: 1
    Partition 4
    Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Hidden : No
    Required: No
    Attrib : 0000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F media NTFS Partition 857 GB Healthy

    ==================================================================================

    Disk: 1
    Partition 5
    Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Hidden : No
    Required: No
    Attrib : 0000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 G stuff2 NTFS Partition 856 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 123 MB 64 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 J USBSTICK FAT Removable 123 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-28 04:31

    ======================= End Of Log ==========================
     
  2. Broni

    Broni Malware Annihilator Posts: 48,006   +271

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  3. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    Hi, thanks for the help!

    Farbar Recovery Scan Tool Version: 08-07-2012
    Ran by SYSTEM at 2012-07-08 16:06:29
    Running from J:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  4. Broni

    Broni Malware Annihilator Posts: 48,006   +271

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  5. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    I disabled MSE as per the instructions but ComboFix still thought it was active when it ran. I double-checked the setting and it was still disabled so I went ahead with running ComboFix.

    ComboFix 12-07-08.01 - asim 07/08/2012 17:17:24.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16367.14022 [GMT -7:00]
    Running from: H:\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\asim\AppData\Roaming\wseto.dll
    c:\users\asim\AppData\Roaming\Ymafuw
    c:\users\asim\AppData\Roaming\Ymafuw\keiq.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-08 23:09 . 2012-07-08 23:09 -------- d-----w- C:\FRST
    2012-07-07 12:55 . 2012-07-07 12:55 -------- d-----w- c:\users\asim\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-07 12:50 . 2012-07-07 12:50 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-07-07 12:50 . 2012-07-07 12:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-07-07 12:50 . 2012-07-07 12:50 -------- d-----w- c:\programdata\SUPERSetup
    2012-07-07 12:49 . 2012-07-07 12:49 116016 ----a-w- c:\windows\system32\drivers\11712296.sys
    2012-07-07 12:47 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86892994-3CA3-4D42-A1F3-5FDE0EF83F6D}\mpengine.dll
    2012-07-07 12:36 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14612C87-48FA-4D22-A7F0-4C81EA46E7DF}\gapaengine.dll
    2012-07-07 12:36 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC394B5B-0EF6-46DD-8FBE-7CD996F4ED1E}\mpengine.dll
    2012-07-07 12:36 . 2012-07-07 12:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-07 12:36 . 2012-07-07 12:36 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-07 12:19 . 2012-07-07 12:19 -------- d-----w- c:\users\asim\AppData\Roaming\Malwarebytes
    2012-07-07 12:19 . 2012-07-07 12:19 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-07 12:19 . 2012-07-07 12:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-07 12:19 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-07 12:13 . 2012-07-07 12:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-07 12:13 . 2012-07-07 12:13 457632 ----a-w- C:\FixExec.com
    2012-07-07 11:57 . 2012-07-07 11:57 -------- d-----w- c:\users\asim\AppData\Local\{D5C3F5E5-C82A-11E1-8270-B8AC6F996F26}
    2012-07-07 11:56 . 2012-07-07 11:56 -------- d-----w- c:\users\asim\AppData\Local\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}
    2012-07-07 11:55 . 2012-07-07 12:24 -------- d-----w- c:\users\asim\AppData\Local\PlatformUserServices
    2012-07-07 11:55 . 2012-07-07 11:55 -------- d-----w- c:\programdata\B7E858A700008F5E000369D2B4EB2331
    2012-07-07 11:55 . 2012-07-07 12:28 -------- d-----w- c:\users\asim\AppData\Roaming\Saepy
    2012-07-07 11:55 . 2012-07-07 11:55 -------- d-----w- c:\users\asim\AppData\Roaming\Udmex
    2012-07-04 05:05 . 2012-07-04 05:05 -------- d-----w- c:\programdata\ATI
    2012-07-04 05:05 . 2012-07-04 05:05 -------- d-----w- c:\program files (x86)\AMD APP
    2012-07-04 05:00 . 2012-07-04 05:00 -------- d-----w- C:\AMD
    2012-06-26 04:03 . 2012-06-26 04:03 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2012-06-21 04:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 04:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 04:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 04:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 04:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 04:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 04:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 04:48 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 04:48 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 11:59 . 2012-06-19 11:59 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-06-19 11:59 . 2012-06-19 11:59 68576 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-06-19 11:59 . 2012-06-19 11:59 573920 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-06-19 11:59 . 2012-06-19 11:59 157600 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-06-19 11:59 . 2012-06-19 11:59 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-06-19 11:59 . 2012-06-19 11:59 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-19 11:59 . 2012-06-19 11:59 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-13 08:31 . 2012-06-13 08:31 -------- d-----w- c:\users\asim\AppData\Local\Macromedia
    2012-06-13 06:47 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 06:47 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 06:47 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 06:47 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 06:47 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 06:47 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 06:47 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 06:47 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 06:47 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 06:47 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 06:47 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 06:47 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-06-13 06:47 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-06-12 07:32 . 2012-06-12 07:32 -------- d-----w- c:\program files\iPod
    2012-06-12 07:32 . 2012-06-12 07:32 -------- d-----w- c:\program files\iTunes
    2012-06-11 20:50 . 2012-06-11 20:50 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 20:50 . 2012-06-11 20:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-06-11 20:50 . 2012-06-11 20:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-06-11 20:50 . 2012-06-11 20:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
    2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
    2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
    2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
    2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
    2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-04 03:19 . 2012-04-03 08:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-04 03:19 . 2011-05-27 07:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-11 17:24 . 2011-04-20 02:09 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-06-11 17:23 . 2011-04-20 02:07 1090560 ----a-w- c:\windows\system32\aticfx64.dll
    2012-06-11 17:16 . 2012-02-15 03:07 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-06-11 17:01 . 2011-04-20 01:49 6914560 ----a-w- c:\windows\system32\atidxx64.dll
    2012-06-11 16:45 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-06-11 16:45 . 2011-04-20 01:38 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-06-11 16:45 . 2011-04-20 01:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-06-11 16:43 . 2011-04-20 01:30 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-06-11 16:27 . 2011-07-08 02:47 539136 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-06-11 16:26 . 2011-04-20 01:22 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-06-11 16:25 . 2011-04-20 01:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-06-11 16:25 . 2012-02-15 02:12 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-06-11 16:24 . 2011-04-20 01:21 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-05-31 11:07 . 2011-05-28 23:49 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
    2012-05-10 10:03 . 2012-05-10 10:03 53248 ----a-r- c:\users\asim\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-05-10 10:02 . 2011-05-31 06:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-04-15 00:58 . 2012-04-15 00:58 334008 ----a-r- c:\users\asim\AppData\Roaming\Microsoft\Installer\{8C3826F5-A2C1-40E3-A03F-49EFB2ABF62A}\BOINCMGRLink_B65C4A4D2B2A46CCA2D918164C6297B8.exe
    2012-04-15 00:58 . 2012-04-15 00:58 334008 ----a-r- c:\users\asim\AppData\Roaming\Microsoft\Installer\{8C3826F5-A2C1-40E3-A03F-49EFB2ABF62A}\ARPPRODUCTICON.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="e:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
    "OfficeSyncProcess"="e:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    "Steam"="e:\steam\Steam.exe" [2012-01-04 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
    "BCSSync"="e:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "THX Audio Control Panel"="e:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-06-12 1349632]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
    .
    c:\users\asim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    FreePOPs.lnk - c:\program files (x86)\FreePOPs\freepopsd.exe [2008-12-27 49152]
    pagent.lnk - c:\users\asim\Desktop\sshkeys\pageant.exe [2011-10-31 139264]
    Password Safe.lnk - c:\program files (x86)\Password Safe\pwsafe.exe [2011-6-30 3648000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-31 136176]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-31 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-27 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-10-01 302120]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;e:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
    S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-14 21880]
    S2 TomTomHOMEService;TomTomHOMEService;e:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 198480]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-27 349800]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-31 09:48]
    .
    2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-31 09:48]
    .
    2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1299077805-4049216064-1238344601-1000Core.job
    - c:\users\asim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-31 04:25]
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1299077805-4049216064-1238344601-1000UA.job
    - c:\users\asim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-31 04:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-04-24 02:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-04-24 02:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-04-24 02:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-04-24 02:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-04-24 02:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-04-24 02:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-04-24 02:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-04-24 02:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-04-24 02:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
    "THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    "TortoiseHgOverlayIconServer"="e:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-01-03 52688]
    "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
    "boincmgr"="e:\program files\BOINC\boincmgr.exe" [2012-04-04 5853872]
    "boinctray"="e:\program files\BOINC\boinctray.exe" [2012-04-04 70832]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - e:\progra~3\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - e:\progra~3\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-ASRockXTU - (no file)
    .
    .
    "ImagePath"="system32\DRIVERS\BazisVirtualCDBus.sys"
    "ImagePath"="\??\E:\SC4DELUXE1.mds"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-08 17:21:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-09 00:21
    .
    Pre-Run: 13,805,228,032 bytes free
    Post-Run: 17,032,347,648 bytes free
    .
    - - End Of File - - FBA304491BAF80E28B942018DCC17848
     
  6. Broni

    Broni Malware Annihilator Posts: 48,006   +271

    Looks good :)

    Any current issues?

    ====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    I tried downloading OTL but I'm getting an HTTP 503 error when I try to do so. MSE popped up with a trojan that I've copied and pasted below. Also, when I try to run anything normally I get a dialog box that pops up and says "Illegal operation attempted on a registry key that has been marked for deletion".

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.08.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    asim :: CASSINI [administrator]

    7/8/2012 5:40:33 PM
    mbam-log-2012-07-08 (17-40-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212220
    Time elapsed: 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    MSE detected Trojan:JS/Medfos.A
    Security Essentials encountered the following error: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.
    Category: Trojan
    Description: This program is dangerous and executes commands from an attacker.
    Recommended action: Remove this software immediately.
    Items:
    file:\Device\HarddiskVolumeShadowCopy8\Users\asim\AppData\Local\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul->(SCRIPT0000)
    Get more information about this item online.
     
  8. Broni

    Broni Malware Annihilator Posts: 48,006   +271

  9. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    The logs are too big to fit into one post, so I've split them up.

    OTL logfile created on: 7/8/2012 5:47:13 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\asim\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.98 Gb Total Physical Memory | 13.63 Gb Available Physical Memory | 85.30% Memory free
    31.96 Gb Paging File | 29.52 Gb Available in Paging File | 92.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 16.49 Gb Free Space | 14.76% Space Free | Partition Type: NTFS
    Drive D: | 223.00 Gb Total Space | 57.26 Gb Free Space | 25.68% Space Free | Partition Type: NTFS
    Drive E: | 857.47 Gb Total Space | 684.25 Gb Free Space | 79.80% Space Free | Partition Type: NTFS
    Drive F: | 857.47 Gb Total Space | 284.79 Gb Free Space | 33.21% Space Free | Partition Type: NTFS
    Drive G: | 856.46 Gb Total Space | 434.57 Gb Free Space | 50.74% Space Free | Partition Type: NTFS
    Drive S: | 618.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive Y: | 2.68 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: CASSINI | User Name: asim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/08 17:46:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\asim\Downloads\OTL.exe
    PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2012/01/22 21:43:08 | 000,092,592 | ---- | M] (TomTom) -- e:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/09/14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
    PRC - [2010/09/14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    PRC - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/28 03:28:56 | 000,438,296 | ---- | M] () -- C:\Users\asim\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
    MOD - [2012/06/28 03:28:54 | 003,972,120 | ---- | M] () -- C:\Users\asim\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    MOD - [2012/06/28 03:27:40 | 000,554,520 | ---- | M] () -- C:\Users\asim\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
    MOD - [2012/06/28 03:27:38 | 000,117,784 | ---- | M] () -- C:\Users\asim\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll
    MOD - [2012/06/28 03:27:29 | 000,140,328 | ---- | M] () -- C:\Users\asim\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
    MOD - [2012/06/28 03:27:28 | 000,262,184 | ---- | M] () -- C:\Users\asim\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
    MOD - [2012/06/28 03:27:26 | 002,386,984 | ---- | M] () -- C:\Users\asim\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
    MOD - [2012/06/28 01:27:26 | 009,252,040 | ---- | M] () -- C:\Users\asim\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- E:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/06/11 10:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/09/27 12:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/06/19 22:00:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/06/19 04:59:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/01/22 21:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- e:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2011/08/01 23:11:02 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/09/14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
    SRV - [2010/09/14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
    SRV - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- E:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/06/11 11:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/06/11 09:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/05/31 04:07:53 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/10/17 15:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/09/01 23:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/01 23:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/08/08 11:13:12 | 000,198,480 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
    DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/07 22:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
    DRV:64bit: - [2011/02/07 22:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/20 06:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2010/11/20 06:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010/11/20 04:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010/11/20 04:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2010/10/27 10:05:02 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/30 20:35:06 | 000,302,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C 1C A0 B6 28 24 CC 01 [binary data]
    IE - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~3\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~3\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\asim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\asim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 9.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012/01/04 02:28:54 | 000,000,000 | ---D | M]
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 9.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 15.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012/06/19 05:00:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 15.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bonjour4firefox@apple.com: C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension\ [2011/07/19 21:24:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 04:59:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 12:55:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/21 12:55:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}: C:\Users\asim\AppData\Local\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}\ [2012/07/07 04:56:33 | 000,000,000 | ---D | M]

    [2011/05/26 21:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Extensions
    [2011/05/26 18:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/06/15 13:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2012/06/19 04:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\9j8vc00k.default\extensions
    [2012/05/24 03:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\if6b6eqz.debug\extensions
    [2012/06/29 21:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions
    [2011/05/26 21:50:06 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2011/05/26 21:50:06 | 000,000,000 | ---D | M] ("Pennypacker") -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\{638b0aea-a87f-4b7e-bbd9-e5c272af3ff6}
    [2011/05/26 21:50:07 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
    [2011/05/26 21:50:07 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
    [2011/05/26 21:50:07 | 000,000,000 | ---D | M] ("Delicious Delicacies") -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\{A78385F2-2843-4b9a-B7D9-048F7CB86655}
    [2011/05/26 21:50:07 | 000,000,000 | ---D | M] (Slashdotter) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\{c4f1fdfb-49f5-4cb5-a4e5-3b857ca2ef95}
    [2011/07/17 02:39:35 | 000,000,000 | ---D | M] () -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
    [2012/05/24 03:04:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012/01/04 01:49:47 | 000,000,000 | ---D | M] (Anti-Aliasing Tuner) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\aatuner@hotmint.com
    [2011/05/26 21:50:02 | 000,000,000 | ---D | M] ("Basics") -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\basics@spuler.us
    [2011/06/24 04:29:06 | 000,000,000 | ---D | M] (DNSSEC Validator) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\dnssec@nic.cz
    [2012/05/24 03:04:53 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\en-US@dictionaries.addons.mozilla.org
    [2011/07/17 02:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions
    [2012/06/19 04:56:22 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\https-everywhere@eff.org
    [2012/06/19 04:56:22 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\inspector@mozilla.org
    [2011/05/26 21:50:06 | 000,000,000 | ---D | M] (SphereGnome) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\SphereGnome
    [2011/05/26 21:50:06 | 000,000,000 | ---D | M] (Custom Tab Width) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\tab-width@design-noir.de
    [2011/05/26 21:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\temp
    [2011/05/26 21:50:06 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
    [2011/05/26 21:50:04 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2011/05/26 21:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{0fd72a11-d898-463b-99c3-c7d1d742a72e}
    [2011/05/26 21:50:04 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2011/05/26 21:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
    [2011/05/26 21:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{2A10B180-05EF-11D9-8C50-444553540001}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{641d8d09-7dda-4850-8228-ac0ab65e2ac9}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (IE View) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{805225dd-23f6-4b0e-8d78-7001c872d88c}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (Tabbrowser Preferences) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (Delicious Delicacies) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{A78385F2-2843-4b9a-B7D9-048F7CB86655}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (fireFTP) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{BA8E053E-2867-4772-B9F0-26A5979AFA09}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (Open Java Console) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{bf2f5099-d9ce-40b1-950d-333b44ef1a24}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (Tweak Network) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] () -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
    [2011/05/26 21:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\{fb0cbf5b-695b-4322-8b49-5dedbfb946fc}
    [2011/05/26 21:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\SphereGnome
    [2011/05/26 21:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asim\AppData\Roaming\Mozilla\Firefox\Profiles\r170lqqy.asim\extensions\extensions\temp
    [2011/12/09 13:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/19 04:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    [2012/07/07 04:56:33 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ASIM\APPDATA\LOCAL\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}
    [2012/06/19 04:59:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/02/06 13:58:51 | 000,346,112 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\autobahn.dll
    [2010/02/06 13:59:50 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NSISdl.dll
    [2009/09/17 12:32:32 | 017,530,584 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\swarmcast.dll
    [2012/06/19 04:59:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/19 04:59:26 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
     
  10. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\asim\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\asim\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\asim\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\asim\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = E:\PROGRA~3\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = E:\PROGRA~3\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - Extension: Entanglement = C:\Users\asim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: imgur = C:\Users\asim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao\1.1.2_0\
    CHR - Extension: Poppit = C:\Users\asim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2012/07/08 17:20:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [boincmgr] E:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
    O4:64bit: - HKLM..\Run: [boinctray] E:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
    O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] E:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCSSync] E:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [THX Audio Control Panel] E:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000..\Run: [OfficeSyncProcess] E:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000..\Run: [Steam] E:\Steam\Steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000..\Run: [TomTomHOME.exe] e:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - Startup: C:\Users\asim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreePOPs.lnk = C:\Program Files (x86)\FreePOPs\freepopsd.exe ()
    O4 - Startup: C:\Users\asim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pagent.lnk = C:\Users\asim\Desktop\sshkeys\pageant.exe (Simon Tatham)
    O4 - Startup: C:\Users\asim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1299077805-4049216064-1238344601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Se&nd to OneNote - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour SDK\Bin\ExplorerPlugin.dll (Apple Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour SDK\Bin\ExplorerPlugin.dll (Apple Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D580C35-90BC-483B-987A-EE5C885008B9}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/08/27 01:47:09 | 000,561,152 | R--- | M] (Electronic Arts Inc.) - S:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2003/08/27 01:23:35 | 001,736,704 | R--- | M] () - S:\AutoRunGUI.dll -- [ CDFS ]
    O32 - AutoRun File - [2003/08/27 01:47:12 | 000,000,000 | ---D | M] - S:\autorun -- [ CDFS ]
    O32 - AutoRun File - [2003/08/27 01:47:09 | 000,000,079 | R--- | M] () - S:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2009/10/26 09:45:39 | 000,779,496 | R--- | M] (BioWare) - Y:\autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2009/10/26 14:21:41 | 000,000,054 | R--- | M] () - Y:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/08 17:21:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/08 17:20:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/08 17:16:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/08 17:16:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/08 17:16:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/08 17:15:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/08 17:15:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/08 16:09:13 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/07 05:55:15 | 000,000,000 | ---D | C] -- C:\Users\asim\AppData\Roaming\SUPERAntiSpyware.com
    [2012/07/07 05:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/07 05:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/07/07 05:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/07/07 05:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
    [2012/07/07 05:49:54 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\11712296.sys
    [2012/07/07 05:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/07 05:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/07 05:19:49 | 000,000,000 | ---D | C] -- C:\Users\asim\AppData\Roaming\Malwarebytes
    [2012/07/07 05:19:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/07 05:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/07 05:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/07 05:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/07 05:13:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/07 05:13:28 | 000,457,632 | ---- | C] (Bleeping Computer, LLC) -- C:\FixExec.com
    [2012/07/07 04:57:52 | 000,000,000 | ---D | C] -- C:\Users\asim\AppData\Local\{D5C3F5E5-C82A-11E1-8270-B8AC6F996F26}
    [2012/07/07 04:56:33 | 000,000,000 | ---D | C] -- C:\Users\asim\AppData\Local\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}
    [2012/07/07 04:55:45 | 000,000,000 | ---D | C] -- C:\Users\asim\AppData\Local\PlatformUserServices
    [2012/07/07 04:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700008F5E000369D2B4EB2331
    [2012/07/07 04:55:37 | 000,000,000 | ---D | C] -- C:\Users\asim\AppData\Roaming\Udmex
    [2012/07/07 04:55:37 | 000,000,000 | ---D | C] -- C:\Users\asim\AppData\Roaming\Saepy
    [2012/07/03 22:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012/07/03 22:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2012/07/03 22:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2012/07/03 22:00:15 | 000,000,000 | ---D | C] -- C:\AMD
    [2012/06/25 21:03:18 | 000,000,000 | ---D | C] -- C:\Users\asim\Documents\SavedGames
    [2012/06/25 21:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
    [2012/06/19 04:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/06/19 04:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/06/18 21:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphviz 2.28
    [2012/06/13 01:31:34 | 000,000,000 | ---D | C] -- C:\Users\asim\AppData\Local\Macromedia
    [2012/06/12 00:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/06/12 00:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/06/12 00:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/06/11 11:35:48 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.98.dll
    [2012/06/11 10:19:58 | 000,532,992 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2012/06/11 10:19:14 | 000,239,616 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2012/06/11 10:17:56 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2012/06/11 10:17:42 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/07/08 17:28:09 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/08 17:28:09 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/08 17:25:19 | 000,782,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/08 17:25:19 | 000,664,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/08 17:25:19 | 000,122,854 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/08 17:20:48 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/08 17:20:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/08 17:20:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/08 17:20:37 | 4281,294,846 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/08 17:18:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/07 05:56:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1299077805-4049216064-1238344601-1000UA.job
    [2012/07/07 05:50:28 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/07 05:49:54 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\11712296.sys
    [2012/07/07 05:36:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/07 05:36:11 | 000,798,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/07 05:19:46 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/07 05:13:24 | 000,457,632 | ---- | M] (Bleeping Computer, LLC) -- C:\FixExec.com
    [2012/07/07 04:22:47 | 000,000,600 | ---- | M] () -- C:\Users\asim\AppData\Roaming\winscp.rnd
    [2012/07/06 22:55:44 | 000,003,728 | ---- | M] () -- C:\Users\asim\Desktop\2019742.jpg
    [2012/07/06 00:24:14 | 000,002,114 | ---- | M] () -- C:\Users\asim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2012/07/05 19:56:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1299077805-4049216064-1238344601-1000Core.job
    [2012/06/29 20:57:14 | 000,002,395 | ---- | M] () -- C:\Users\asim\Desktop\Google Chrome.lnk
    [2012/06/26 11:55:27 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
    [2012/06/26 01:10:16 | 000,304,517 | ---- | M] () -- C:\Users\asim\Documents\Clipboard01.pdf
    [2012/06/24 22:38:38 | 000,000,600 | ---- | M] () -- C:\Users\asim\AppData\Local\PUTTY.RND
    [2012/06/13 00:11:45 | 000,424,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/12 00:32:49 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/11 13:50:46 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
    [2012/06/11 11:35:48 | 000,070,144 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.98.dll
    [2012/06/11 10:26:12 | 000,263,840 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
    [2012/06/11 10:26:12 | 000,263,840 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
    [2012/06/11 10:19:58 | 000,532,992 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2012/06/11 10:19:14 | 000,239,616 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2012/06/11 10:17:56 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2012/06/11 10:17:42 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2012/06/11 09:50:16 | 002,936,864 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
    [2012/06/11 09:41:48 | 002,971,136 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap

    ========== Files Created - No Company Name ==========

    [2012/07/08 17:16:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/08 17:16:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/08 17:16:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/08 17:16:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/08 17:16:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/07 05:50:28 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/07 05:36:13 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/07 05:19:46 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/06 22:55:44 | 000,003,728 | ---- | C] () -- C:\Users\asim\Desktop\2019742.jpg
    [2012/06/26 01:10:14 | 000,304,517 | ---- | C] () -- C:\Users\asim\Documents\Clipboard01.pdf
    [2012/06/12 00:32:49 | 000,001,573 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/11 13:50:46 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
    [2012/06/11 10:26:12 | 000,263,840 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
    [2012/06/11 10:26:12 | 000,263,840 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
    [2012/06/11 09:50:16 | 002,936,864 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
    [2012/06/11 09:41:48 | 002,971,136 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
    [2012/05/20 22:43:56 | 000,000,218 | ---- | C] () -- C:\Users\asim\.recently-used.xbel
    [2012/05/20 20:04:45 | 000,000,932 | ---- | C] () -- C:\Users\asim\asoiaf_2012-05-20.gpkg
    [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/02/02 22:57:56 | 000,002,182 | ---- | C] () -- C:\Users\asim\.kdiff3rc
    [2012/02/02 22:47:51 | 000,000,440 | ---- | C] () -- C:\Users\asim\mercurial.ini
    [2012/01/31 04:35:26 | 000,000,150 | ---- | C] () -- C:\Users\asim\.Xauthority
    [2011/12/07 22:16:08 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011/08/01 23:11:47 | 000,001,112 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2011/08/01 23:11:47 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2011/08/01 23:11:47 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2011/08/01 23:11:46 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2011/08/01 23:11:46 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2011/05/31 01:24:21 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
    [2011/05/30 15:08:37 | 000,000,600 | ---- | C] () -- C:\Users\asim\AppData\Local\PUTTY.RND
    [2011/05/28 00:49:41 | 000,000,600 | ---- | C] () -- C:\Users\asim\AppData\Roaming\winscp.rnd
    [2011/05/26 21:08:56 | 000,798,480 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/05/26 19:03:21 | 006,918,144 | ---- | C] () -- C:\Users\asim\PCPE_3.0.msi
    [2011/05/26 18:36:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    ========== LOP Check ==========

    [2012/05/09 02:11:01 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\.emacs.d
    [2012/03/12 02:27:20 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\Amazon
    [2012/01/09 01:01:30 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\Audacity
    [2012/01/07 00:19:18 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\DisplayFusion
    [2012/02/01 01:29:58 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\enchant
    [2011/05/26 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\foobar2000
    [2012/05/20 22:36:56 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\gramps
    [2011/05/26 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\gtk-2.0
    [2012/05/16 02:42:59 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\HandBrake
    [2011/06/09 01:32:54 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\ImgBurn
    [2011/05/28 00:33:55 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\IrfanView
    [2011/05/30 23:12:08 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\Leadertech
    [2011/05/26 22:08:16 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\Notepad++
    [2012/03/15 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\Origin
    [2012/07/07 05:28:10 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\Saepy
    [2011/05/28 17:26:36 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\Softland
    [2012/02/10 02:02:27 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\Sublime Text 2
    [2011/06/25 05:21:53 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\SystemRequirementsLab
    [2012/02/10 20:17:40 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\TaxCut
    [2011/05/26 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\Thunderbird
    [2011/05/28 17:59:20 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\TomTom
    [2012/05/31 04:31:57 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\TrueCrypt
    [2011/05/26 21:53:15 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2012/07/07 04:55:37 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\Udmex
    [2012/05/05 23:47:03 | 000,000,000 | ---D | M] -- C:\Users\asim\AppData\Roaming\uTorrent
    [2012/02/15 02:29:48 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  11. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    OTL Extras logfile created on: 7/8/2012 5:47:13 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\asim\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.98 Gb Total Physical Memory | 13.63 Gb Available Physical Memory | 85.30% Memory free
    31.96 Gb Paging File | 29.52 Gb Available in Paging File | 92.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 16.49 Gb Free Space | 14.76% Space Free | Partition Type: NTFS
    Drive D: | 223.00 Gb Total Space | 57.26 Gb Free Space | 25.68% Space Free | Partition Type: NTFS
    Drive E: | 857.47 Gb Total Space | 684.25 Gb Free Space | 79.80% Space Free | Partition Type: NTFS
    Drive F: | 857.47 Gb Total Space | 284.79 Gb Free Space | 33.21% Space Free | Partition Type: NTFS
    Drive G: | 856.46 Gb Total Space | 434.57 Gb Free Space | 50.74% Space Free | Partition Type: NTFS
    Drive S: | 618.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive Y: | 2.68 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: CASSINI | User Name: asim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1299077805-4049216064-1238344601-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "E:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "E:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0874D757-6DE9-31B9-BA0B-2299F3A144C0}" = Microsoft Windows SDK .NET Framework Tools (40715)
    "{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
    "{28543AE2-F288-433E-96F4-B0DCD7D83E63}" = Bonjour SDK
    "{3607CBFF-3DC7-35E2-A78C-2A3BE1B72022}" = Microsoft Windows SDK for Windows 7 .NET Documentation (40715)
    "{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}" = Application Verifier (x64)
    "{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}" = Eraser 6.0.9.2343
    "{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
    "{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
    "{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
    "{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25 (64-bit)
    "{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{698DEE97-5A35-3C60-960F-9FB9C58F4A3B}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715)
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
    "{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C3826F5-A2C1-40E3-A03F-49EFB2ABF62A}" = BOINC
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{965DF723-5688-359E-84D2-417CAFE644B5}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
    "{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FD789345-551F-4AEF-A912-0D237942B413}" = TortoiseHg 2.2.2 (x64)
    "doPDF 7 printer_is1" = doPDF 7.2 printer
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
    "sp6" = Logitech SetPoint 6.32
    "Sublime Text 2_is1" = Sublime Text 2 Build 2165
    "Waterfox 9.0 (x64 en-US)" = Waterfox 9.0 (x64 en-US)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{10894714-E82E-4371-9CF7-F58E352C76EA}" = H&R Block California 2011
    "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{12FAF8C2-0061-429D-B7B4-FF1C9C58A99C}" = THX TruStudio Pro
    "{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20BDDF2C-3FC2-3A80-8480-FCD083E76FA7}" = Strawberry Perl
    "{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
    "{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
    "{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
    "{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{32A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
    "{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
    "{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
    "{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
    "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
    "{56D797D7-543C-408F-BBEB-B56787873D2F}_is1" = OpenNX 0.16.0.708
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
    "{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
    "{6091F327-2B13-4193-A6F1-4B2271613A74}_is1" = Feed Notifier 2.5
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
    "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
    "{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
    "{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
    "{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_SharePointDesigner_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2010
    "{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A8C80871-125D-4667-BC0A-E3EEE62597E8}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
    "{90140000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010
    "{90140000-0017-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{E1BDB3A3-E0ED-4347-A84D-5D4A747259CA}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SharePointDesigner_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SharePointDesigner_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck
    "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
    "{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
    "{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
    "{C5AC39F1-001D-4338-84C6-35109525588A}" = TweetDeck
    "{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D437FFB6-5C49-4DAC-ABAE-33FF065FE7CC}" = Graphviz 2.28
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
    "{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
    "{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
    "{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
    "{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition 3.0
    "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
    "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.54
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
    "Aurora 15.0a2 (x86 en-US)" = Aurora 15.0a2 (x86 en-US)
    "Carrier" = Carrier
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
    "DiffUtils-2.8.7_is1" = GnuWin32: DiffUtils version 2.8.7
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "FreePOPs" = NSIS FreePOPs (remove only)
    "GrampsAIO" = GrampsAIO
    "GTK2-Runtime" = GTK2-Runtime
    "HandBrake" = HandBrake 0.9.6
    "ImgBurn" = ImgBurn
    "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "IrfanView" = IrfanView (remove only)
    "MagniDriver" = marvell 91xx driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Mozilla Firefox 14.0 (x86 en-US)" = Mozilla Firefox 14.0 (x86 en-US)
    "Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "NSIS" = Nullsoft Install System
    "NX Client Fonts 100dpi_is1" = NX Client Fonts 100dpi
    "NX Client Fonts 75dpi_is1" = NX Client Fonts 75dpi
    "NX Client Fonts Misc_is1" = NX Client Fonts Misc
    "NX Client Fonts Others_is1" = NX Client Fonts Others
    "nxclient_is1" = NX Client for Windows 3.5.0-7
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Office14.SharePointDesigner" = Microsoft SharePoint Designer 2010
    "Origin" = Origin
    "Password Safe" = Password Safe
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "PS3 Media Server" = PS3 Media Server
    "QuickPar" = QuickPar 0.9
    "SharePointDesigner" = Microsoft Office SharePoint Designer 2007
    "Steam App 107100" = Bastion
    "Steam App 107300" = Breath of Death VII
    "Steam App 107310" = Cthulhu Saves the World
    "Steam App 200900" = Cave Story+
    "Steam App 213030" = Penny Arcade's On the Rain-Slick Precipice of Darkness 3
    "Steam App 34030" = Napoleon: Total War
    "Synergy" = Synergy
    "thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
    "TomTom HOME" = TomTom HOME 2.8.3.2499
    "TrueCrypt" = TrueCrypt
    "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
    "UBCD4Win_is1" = UBCD4Win 3.60
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.1
    "Winamp" = Winamp
    "WinCDEmu" = WinCDEmu
    "WinLiveSuite" = Windows Live Essentials
    "WinMerge_is1" = WinMerge 2.12.4
    "winscp3_is1" = WinSCP 4.3.3

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1299077805-4049216064-1238344601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Network Addon Mod" = Network Addon Mod Version 30 with Essentials r132
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/7/2012 8:50:45 AM | Computer Name = cassini | Source = WinMgmt | ID = 10
    Description =

    Error - 7/7/2012 8:53:46 AM | Computer Name = cassini | Source = WinMgmt | ID = 10
    Description =

    Error - 7/7/2012 8:56:38 AM | Computer Name = cassini | Source = WinMgmt | ID = 10
    Description =

    Error - 7/7/2012 8:59:31 AM | Computer Name = cassini | Source = WinMgmt | ID = 10
    Description =

    Error - 7/7/2012 9:02:34 AM | Computer Name = cassini | Source = WinMgmt | ID = 10
    Description =

    Error - 7/7/2012 4:00:44 PM | Computer Name = cassini | Source = WinMgmt | ID = 10
    Description =

    Error - 7/7/2012 4:07:24 PM | Computer Name = cassini | Source = WinMgmt | ID = 10
    Description =

    Error - 7/7/2012 4:10:56 PM | Computer Name = cassini | Source = WinMgmt | ID = 10
    Description =

    Error - 7/8/2012 8:15:07 PM | Computer Name = cassini | Source = WinMgmt | ID = 10
    Description =

    Error - 7/8/2012 8:22:32 PM | Computer Name = cassini | Source = WinMgmt | ID = 10
    Description =

    Error - 7/8/2012 8:33:56 PM | Computer Name = cassini | Source = Windows Backup | ID = 4104
    Description =

    [ System Events ]
    Error - 7/28/2011 5:35:46 AM | Computer Name = cassini | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR3.

    Error - 7/28/2011 5:35:47 AM | Computer Name = cassini | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR3.

    Error - 7/29/2011 3:08:44 PM | Computer Name = cassini | Source = DCOM | ID = 10010
    Description =

    Error - 7/30/2011 7:02:14 PM | Computer Name = cassini | Source = DCOM | ID = 10010
    Description =

    Error - 8/1/2011 3:55:54 PM | Computer Name = cassini | Source = DCOM | ID = 10010
    Description =

    Error - 8/2/2011 2:03:07 AM | Computer Name = cassini | Source = DCOM | ID = 10010
    Description =

    Error - 8/2/2011 2:11:56 AM | Computer Name = cassini | Source = DCOM | ID = 10010
    Description =

    Error - 8/2/2011 1:19:43 PM | Computer Name = cassini | Source = DCOM | ID = 10010
    Description =

    Error - 8/3/2011 2:59:33 PM | Computer Name = cassini | Source = DCOM | ID = 10010
    Description =

    Error - 8/4/2011 3:12:05 PM | Computer Name = cassini | Source = DCOM | ID = 10010
    Description =


    < End of report >
     
     
  12. Broni

    Broni Malware Annihilator Posts: 48,006   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}: C:\Users\asim\AppData\Local\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}\ [2012/07/07 04:56:33 | 000,000,000 | ---D | M]
      [2012/07/07 04:56:33 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ASIM\APPDATA\LOCAL\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    OTL done, running the other 4 now.
    All processes killed
    ========== OTL ==========
    File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}: C:\Users\asim\AppData\Local\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}\ not found.
    C:\USERS\ASIM\APPDATA\LOCAL\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}\chrome\content folder moved successfully.
    C:\USERS\ASIM\APPDATA\LOCAL\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26}\chrome folder moved successfully.
    C:\USERS\ASIM\APPDATA\LOCAL\{D5C3BD85-C82A-11E1-8270-B8AC6F996F26} folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: asim
    ->Temp folder emptied: 183871 bytes
    ->Temporary Internet Files folder emptied: 132153892 bytes
    ->Java cache emptied: 2469466 bytes
    ->FireFox cache emptied: 120845297 bytes
    ->Google Chrome cache emptied: 451488530 bytes
    ->Flash cache emptied: 57494 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56478 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4218 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 38472765 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 711.00 mb


    [EMPTYJAVA]

    User: All Users

    User: asim
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: asim
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07082012_184431

    Files\Folders moved on Reboot...
    C:\Users\asim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\asim\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  14. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    First two scan results, about to run TFC.
    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    JavaFX 2.0.3
    Java(TM) 6 Update 29
    Java(TM) 7 Update 3
    Java(TM) SE Development Kit 6 Update 25
    Out of date Java installed!
    Adobe Flash Player11.3.300.262
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-US..)
    Mozilla Thunderbird (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
    Farbar Service Scanner Version: 08-07-2012
    Ran by asim (administrator) on 08-07-2012 at 18:51:50
    Running from "C:\Users\asim\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
     
  15. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    Getting a 503 error trying to access TFC, appears geekstogo.com is down right now.
     
  16. Broni

    Broni Malware Annihilator Posts: 48,006   +271

  17. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    Thanks.

    Also, there appears to be another bogus browser extension at C:\Users\asim\AppData\Local\{D5C3F5E5-C82A-11E1-8270-B8AC6F996F26} that was created at 7/7/2012 4:57am, right around the time as the other one. There's 4 files in it (background.html, icon.png, manager.js, and manifest.json) that appear to be nonsense javascript operations (though it could just be obfuscated) and the manifest.json is trying to pass itself off as the "ChromeUpdateManager".
     
  18. Broni

    Broni Malware Annihilator Posts: 48,006   +271

    I don't see it within Firefox itself but I can see this folder:
    C:\Users\asim\AppData\Local\{D5C3F5E5-C82A-11E1-8270-B8AC6F996F26}
    Delete it.
     
  19. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    ESET Report:
    C:\FRST\Quarantine\services.exeWin64/Patched.B.Gen trojandeleted - quarantined
    C:\Qoobox\Quarantine\C\Users\asim\AppData\Roaming\Ymafuw\keiq.exe.vira variant of Win32/Injector.TRY trojancleaned by deleting - quarantined
     
  20. Broni

    Broni Malware Annihilator Posts: 48,006   +271

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================================

    We have one corrupted registry key affecting Windows updates.

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.
    Double click on bits.reg file and confirm the prompt.
    Restart computer.
    Post new FSS log.
     
  21. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    Farbar Service Scanner Version: 08-07-2012
    Ran by asim (administrator) on 09-07-2012 at 12:31:45
    Running from "C:\Users\asim\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  22. Broni

    Broni Malware Annihilator Posts: 48,006   +271

    Couple of services are still not running.

    Download Windows Repair (all in one) from this site

    Install the program then run

    Go to step 2 and allow it to run Disc check

    [​IMG]



    Once that is done then go to step 3 and allow it to run SFC

    [​IMG]


    On the the Start Repairs tab click Start button.

    [​IMG]


    Please ensure that items seen in the image below are ticked as indicated:

    [​IMG]

    Click on box next to the Restart System when Finished. Then click on Start

    Post new FSS log.
     
  23. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    Farbar Service Scanner Version: 08-07-2012
    Ran by asim (administrator) on 09-07-2012 at 21:31:39
    Running from "C:\Users\asim\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    Windows Update did run successfully after I ran it manually, though.
     
  24. Broni

    Broni Malware Annihilator Posts: 48,006   +271

    Please check if you can access Windows updates.
     
  25. asimperson

    asimperson TS Rookie Topic Starter Posts: 17

    I have 2 optional updates. One is a update for MSE's definitions and the other is Bing Desktop. I selected the MSE definitions for download and they download and installed fine.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.