Infected with Sirefef Trojan

Solved
By Goach Mcguirk
Jul 29, 2012
  1. Hello.

    I noticed today that windows firewall and MSE were disabled. I couldn't get either to work, so I ended up downloading and reinstalling MSE. Ran a scan and it came back with multiple iterations of the Sirefef trojan. I tried removing them, but that resulted in "Critical Error windows shut down in one minute," both in normal mode and safe mode. I tried disabling MSE in msconfig but windows still restarts like clockwork, meaning I couldn't carry out the preliminary removal instructions in the stickied thread. I'm running Windows 7 Home 64 with SP1.


    I'm posting this from a second computer. From what I've read Sirefef is pretty stubborn, and I'm not sure how to tackle it when I can't even run MBAM in safe mode. Any help would be very much appreciated.

    Carson
  2. Broni

    Broni, Malware Annihilator

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================

    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt.
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and close the notepad.
    • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log (Search.txt) it makes to your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  3. Goach Mcguirk

    Goach Mcguirk, Topic Starter

    Thanks for your prompt reply. Here are the logs:
    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 29-07-2012 17:24:23
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet002

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [OSD CC] %ProgramFiles%\OSD\Launch_CC.exe [20480 2009-02-19] (Alienware Corporation)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-08-25] (IDT, Inc.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [4620288 2010-02-10] (Broadcom Corporation)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2010-02-10] (Sun Microsystems, Inc.)
    HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1692264 2011-09-22] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [63304 2010-05-21] (Alienware Corporation)
    HKLM\...\Run: [] [x]
    HKLM-x32\...\Run: [OSD] c:\Program Files\OSD\Launch.exe [36864 2009-05-12] (HH)
    HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-04-28] (cyberlink)
    HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [FAStartup] [x]
    HKLM-x32\...\Run: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" [5365592 2009-01-26] (Safer Networking Limited)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
    HKU\User\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-01] (Valve Corporation)
    HKU\User\...\Run: [WallpaperChanger] C:\Program Files (x86)\Wallpaper Master\Wallpaper.exe [321536 2005-11-08] (James Garton)
    HKU\User\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
    HKU\User\...\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-07] (Google Inc.)
    HKU\User\...\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
    HKU\User\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-23] ()
    HKU\User\...\Run: [DeadIslandHelper] "C:\Games And Programs\Dead Island Helper.exe" [189952 2011-09-24] (Microsoft)
    HKU\User\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\User\...\Run: [SpiderOak] C:\Program Files (x86)\SpiderOak\SpiderOak.exe --windows_startup [53760 2011-06-16] (SpiderOak)
    HKU\User\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    HKU\User\...\Run: [F.lux] "C:\Users\User\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
    HKU\User\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-12] (BitTorrent, Inc.)
    HKU\User\...\Run: [Spotify Web Helper] "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-06-01] ()
    HKU\User\...\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent [35256 2012-07-15] (Overwolf)
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
    Lsa: [Notification Packages] scecli
    FAPassSync
    Startup: C:\Users\User\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\User\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    Startup: C:\Users\User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

    ==================== Services (Whitelisted) ======

    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    2 CustomSvc; C:\Program Files\OSD\Service1.exe [13312 2009-02-20] ()
    2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
    3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [278336 2011-09-19] (NVIDIA)
    3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2012-07-15] (Overwolf Ltd)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-16] ()
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [548264 2012-06-15] (Splashtop Inc.)
    2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-14] (Splashtop Inc.)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\STacSV64.exe [240640 2009-08-25] (IDT, Inc.)
    2 wltrysvc; "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe" [3066368 2010-02-10] (Broadcom Corporation)

    ========================== Drivers (Whitelisted) =============

    3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-02] (DT Soft Ltd)
    3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
    3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
    2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-04-15] (CyberLink Corp.)
    2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [x]
    3 GPU-Z; \??\C:\Users\User\AppData\Local\Temp\GPU-Z.sys [x]
    2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [x]
    3 X6va005; \??\C:\Users\User\AppData\Local\Temp\005DFA5.tmp [x]
    3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-29 13:14 - 2012-07-29 13:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.36ACFADE8A9ADCF6
    2012-07-29 13:09 - 2012-07-29 13:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B49C4E5ECD026B64
    2012-07-29 13:03 - 2012-07-29 13:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4B809C6808119114
    2012-07-29 12:55 - 2012-07-29 12:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D6FDDEB4947E9CA3
    2012-07-29 12:49 - 2012-07-29 12:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.812B5C3EDEF22E52
    2012-07-29 12:44 - 2012-07-29 12:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02020D64FB66AFBE
    2012-07-29 12:38 - 2012-07-29 12:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6B231CDB8834A09
    2012-07-29 12:30 - 2012-07-29 12:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.84975627C69DBC0B
    2012-07-29 12:30 - 2012-07-29 12:30 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sugxviod.sys
    2012-07-29 12:26 - 2012-07-29 12:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FFB5E15184CDCBE7
    2012-07-29 12:16 - 2012-07-29 12:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.287C5EF6213BDA97
    2012-07-29 12:09 - 2012-07-29 12:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA18BDA8B78CB390
    2012-07-29 12:02 - 2012-07-29 12:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E55C527928242C7D
    2012-07-29 11:54 - 2012-07-29 11:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C10BD73A0D5D2BD7
    2012-07-29 11:47 - 2012-07-29 11:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.84EAB7D0059B6087
    2012-07-29 11:40 - 2012-07-29 11:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA73E4C08F7D57E4
    2012-07-29 11:31 - 2012-07-29 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC236D077E61A251
    2012-07-29 11:30 - 2010-05-13 14:53 - 00001204 ____A C:\Windows\System32\Drivers\etc\hosts.20120729-153039.backup
    2012-07-29 11:17 - 2012-07-29 11:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02EB557A98B2BA76
    2012-07-29 11:09 - 2012-07-29 11:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2F88255341BEF794
    2012-07-29 10:57 - 2012-07-29 10:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-29 10:53 - 2012-07-29 10:55 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Desktop\mseinstall.exe
    2012-07-29 10:16 - 2012-07-29 11:10 - 306232754 ____A C:\Users\User\Desktop\The.Armory.v2.5.Final.fomod.7z
    2012-07-29 10:08 - 2012-07-29 10:08 - 01656281 ____A C:\Users\User\Desktop\Waster_Scarf_Fixed_2_0-35597.rar
    2012-07-29 09:57 - 2012-07-29 10:17 - 112147177 ____A C:\Users\User\Desktop\Project_Nevada_2_5-40040-2-5.7z
    2012-07-29 09:50 - 2012-07-29 09:51 - 07195077 ____A C:\Users\User\Desktop\Western_Sky_Beta_3-4-35497-0-3-3.zip
    2012-07-29 09:49 - 2012-07-29 09:52 - 18503434 ____A C:\Users\User\Desktop\Geonox_Riot_Armor_v1_1-38887-1-1.rar
    2012-07-29 09:48 - 2012-07-29 09:48 - 00751325 ____A C:\Users\User\Desktop\nvse_2_beta12.zip
    2012-07-29 09:48 - 2012-07-29 09:48 - 00209885 ____A C:\Users\User\Desktop\The_Weapon_Mod_Menu-44515-1-1.zip
    2012-07-29 09:45 - 2012-07-29 09:45 - 00001229 ____A C:\Users\User\Desktop\Fellout_for_Old_World_Blues-34888-1-0.zip
    2012-07-29 09:44 - 2012-07-29 09:44 - 00020841 ____A C:\Users\User\Desktop\Fellout_1_4_1-34888-1-4-1.zip
    2012-07-29 09:38 - 2012-07-29 09:42 - 37562826 ____A C:\Users\User\Desktop\ST_Robot_Race_v2-43732-2-0.zip
    2012-07-29 09:29 - 2012-07-29 09:38 - 48583765 ____A C:\Users\User\Desktop\UHNV-V4-3-37884-4-3.zip
    2012-07-29 09:26 - 2012-07-29 09:28 - 11269361 ____A C:\Users\User\Desktop\Interior_Lighting_Overhaul-35794-6-4.7z
    2012-07-29 08:58 - 2012-07-29 08:58 - 01404186 ____A (Q, Timeslip ) C:\Users\User\Desktop\FOMM-36901-0-13-21.exe
    2012-07-29 06:50 - 2012-07-29 06:50 - 00000000 ____D C:\Program Files (x86)\A Nation of Wind
    2012-07-28 09:20 - 2012-07-28 09:20 - 00000000 ____D C:\Users\User\Documents\Shiner
    2012-07-27 20:50 - 2012-07-27 20:51 - 47105625 ____A C:\Users\User\Desktop\arlower-full-strengthened1.STL
    2012-07-26 03:29 - 2012-07-26 05:27 - 00000000 ____D C:\Users\User\Downloads\Jezabels
    2012-07-26 03:29 - 2012-07-26 03:33 - 00000000 ____D C:\Users\User\Downloads\The Jezabels - Prisoner 2CD (2011)
    2012-07-25 23:42 - 2012-07-26 00:21 - 00000000 ____D C:\Users\User\Downloads\The Bounty
    2012-07-25 23:40 - 2012-07-26 00:21 - 00000000 ____D C:\Users\User\Downloads\House of Games (1987)
    2012-07-25 09:32 - 2012-07-25 09:32 - 00000000 ____D C:\Windows\SysWOW64\spool
    2012-07-25 09:30 - 2012-07-25 09:30 - 00800824 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\DPInst.exe
    2012-07-25 09:30 - 2012-07-25 09:30 - 00106496 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\gacutil.exe
    2012-07-25 09:30 - 2012-07-25 09:30 - 00036352 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\PnPutil.exe
    2012-07-25 09:30 - 2012-07-25 09:30 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-25 09:30 - 2012-07-25 09:30 - 00000000 ____D C:\Users\Default\AppData\Roaming\KODAK AiO Home Center356323562
    2012-07-25 07:17 - 2012-07-25 07:17 - 00000000 ____D C:\eForm4473
    2012-07-24 17:35 - 2012-07-24 10:33 - 290767197 ____A C:\Users\User\Desktop\Breaking.Bad.S05E02.Madrigal.HDTV.x264-FQM.mp4
    2012-07-23 22:36 - 2012-07-23 22:36 - 00000978 ____A C:\Users\User\Desktop\Untitled 1.odt - Shortcut.lnk
    2012-07-18 04:52 - 2012-07-18 04:52 - 00000000 ____D C:\Users\User\AppData\Local\SWTOR
    2012-07-17 17:07 - 2012-07-17 17:07 - 00000000 ____D C:\Users\User\Desktop\Frogatto_1.1.1_Win
    2012-07-17 10:23 - 2012-07-17 10:23 - 00001981 ____A C:\Users\Public\Desktop\Enjin Client.lnk
    2012-07-17 10:23 - 2012-07-17 10:23 - 00000000 ____D C:\Program Files (x86)\Overwolf
    2012-07-17 10:20 - 2012-07-17 10:33 - 00000000 ____D C:\Users\User\AppData\Local\Overwolf
    2012-07-17 10:20 - 2012-07-17 10:20 - 00853944 ____A (Overwolf) C:\Users\User\Downloads\EnjinInstaller.exe
    2012-07-17 10:17 - 2012-07-17 10:17 - 00001164 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    2012-07-17 10:15 - 2012-07-17 10:16 - 29840912 ____A (TeamSpeak Systems GmbH) C:\Users\User\Downloads\TeamSpeak3-Client-win32-3.0.8.exe
    2012-07-16 11:54 - 2012-07-16 11:54 - 00000000 ____D C:\Users\User\Documents\intrusion2
    2012-07-16 11:54 - 2012-07-16 11:54 - 00000000 ____D C:\Program Files (x86)\Intrusion2
    2012-07-15 22:08 - 2012-07-16 15:15 - 00000000 ____D C:\Users\User\Downloads\543 For Dummies E-Books - )_)ReUpLd)_)
    2012-07-15 09:37 - 2012-07-15 10:01 - 00000000 ____D C:\Program Files (x86)\Real Lives 2010
    2012-07-15 09:37 - 2009-07-20 09:34 - 00409600 ____A (ActiveLock) C:\Windows\SysWOW64\activelock1884.ocx
    2012-07-14 15:24 - 2012-07-14 15:24 - 00001451 ____A C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
    2012-07-14 15:22 - 2012-07-14 15:24 - 00014560 ____A C:\Users\User\Documents\Install STAR WARS The Old Republic.log
    2012-07-14 06:21 - 2012-07-14 07:04 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2 OA
    2012-07-13 20:40 - 2012-07-13 20:40 - 00000000 ____D C:\Users\User\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
    2012-07-13 16:31 - 2012-07-28 09:19 - 00055305 ____A C:\Windows\DirectX.log
    2012-07-13 16:29 - 2012-07-13 16:30 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2
    2012-07-13 13:43 - 2012-07-13 13:43 - 00000000 ____D C:\Users\User\AppData\Local\SIX_Projects
    2012-07-13 13:05 - 2012-07-13 16:29 - 00000000 ____D C:\Users\User\AppData\Roaming\six-updater
    2012-07-13 13:05 - 2012-07-13 13:05 - 00000000 ____D C:\Users\User\AppData\Roaming\six-zsync
    2012-07-13 13:04 - 2012-07-13 13:04 - 00000000 ____D C:\Program Files (x86)\SIX Projects
    2012-07-12 14:38 - 2012-07-12 14:39 - 00000000 ____D C:\Users\User\Documents\GTA San Andreas User Files
    2012-07-11 21:08 - 2012-07-11 21:11 - 00000000 ____D C:\Users\User\Desktop\Erasure - Hits [The Very Best of Erasure]
    2012-07-11 09:45 - 2012-07-11 09:45 - 00000000 ____D C:\Users\User\Documents\07-11-2012
    2012-07-11 08:31 - 2012-07-11 08:32 - 00000000 ____D C:\Users\User\AppData\Local\GOG.com
    2012-07-11 08:31 - 2012-07-11 08:31 - 03743472 ____A (GOG.com ) C:\Users\User\Downloads\Setup_Downloader_3.0.51b.exe
    2012-07-09 14:34 - 2012-07-12 00:22 - 00000000 ____D C:\Users\User\Downloads\Freespace 1 & 2 - Gog.com Versions
    2012-07-08 15:18 - 2012-07-08 15:19 - 00000000 ____D C:\Program Files (x86)\WinLauncherXP
    2012-07-08 15:18 - 2012-07-08 15:18 - 00000995 ____A C:\Users\UpdatusUser\Desktop\WinLauncherXP.lnk
    2012-07-08 14:52 - 2012-07-08 14:52 - 03889704 ____A (Piriform Ltd) C:\Users\User\Downloads\ccsetup320.exe
    2012-07-08 14:52 - 2012-07-08 14:52 - 03889704 ____A (Piriform Ltd) C:\Users\User\Downloads\ccsetup320 (1).exe
    2012-07-08 13:57 - 2012-07-12 00:33 - 00000000 ____D C:\Users\User\Downloads\The Wire Season 1, 2, 3, 4 & 5 Complete Collection DVD Box Set HDTV + Extras (Interviews, Commentaries, Bonus Features etc.)
    2012-07-08 09:26 - 2012-07-08 09:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++
    2012-07-08 09:26 - 2012-07-08 09:26 - 00001053 ____A C:\Users\UpdatusUser\Desktop\Notepad++.lnk
    2012-07-08 09:26 - 2012-07-08 09:26 - 00000000 ____D C:\Program Files (x86)\Notepad++
    2012-07-08 09:25 - 2012-07-08 09:25 - 05811050 ____A C:\Users\User\Downloads\npp.6.1.5.Installer.exe
    2012-07-07 16:55 - 2012-07-08 09:21 - 00000000 ____D C:\Users\User\Documents\Endless Space
    2012-07-07 13:11 - 2012-07-07 13:11 - 00000000 ____D C:\Users\User\Downloads\The Beatles - Revolver (1966) WMA320
    2012-07-07 13:10 - 2012-07-07 13:14 - 00000000 ____D C:\Users\User\Downloads\The Beatles - Rubber Soul
    2012-07-07 05:52 - 2012-07-07 05:52 - 00000000 ____D C:\Program Files\ffdshow
    2012-07-07 05:52 - 2012-04-08 20:47 - 00092160 ____A C:\Windows\System32\ff_vfw.dll
    2012-07-07 05:52 - 2012-04-08 20:45 - 00053760 ____A C:\Windows\System32\ff_acm.acm
    2012-07-06 13:40 - 2012-07-06 13:40 - 00000000 ____D C:\Program Files (x86)\RUNNING WITH RIFLES Demo
    2012-07-05 14:35 - 2012-07-05 14:35 - 00000000 ____D C:\Users\User\AppData\Local\IsolatedStorage
    2012-07-05 13:11 - 2012-07-05 13:26 - 574566400 ____A C:\Users\User\Downloads\System.Shock.2.PC.Game.[FROSTY].iso
    2012-07-05 08:19 - 2012-07-05 08:19 - 00010952 ____A C:\Users\User\Desktop\windsurfer-Pocket-To-Do-b548211.zip
    2012-07-05 08:05 - 2012-07-05 08:05 - 00000000 ____D C:\Program Files (x86)\Cubemen
    2012-06-30 08:33 - 2012-06-30 08:33 - 00000000 ____D C:\Users\User\Desktop\opentyrian-628c01-win32
    2012-06-30 08:33 - 2012-06-30 08:33 - 00000000 ____D C:\Users\User\Desktop\coskyoto
    2012-06-30 08:32 - 2012-06-30 08:32 - 00000000 ____D C:\Users\User\Desktop\Wasteland+(1987)(Electronic+Arts+Inc)
    2012-06-30 08:32 - 2012-06-30 08:32 - 00000000 ____D C:\Users\User\Desktop\shadpres
    2012-06-30 08:32 - 2012-06-30 08:32 - 00000000 ____D C:\Users\User\Desktop\fantavision
    2012-06-30 08:32 - 2012-06-30 08:32 - 00000000 ____D C:\Users\User\Desktop\Alter+Ego-+Male+(1986)(Activision,+Inc.)+[Simulation]
    2012-06-30 08:28 - 2012-06-30 08:28 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.74


    ============ 3 Months Modified Files ========================

    2012-07-29 13:14 - 2012-07-29 13:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.36ACFADE8A9ADCF6
    2012-07-29 13:12 - 2012-06-15 13:39 - 00007784 ____A C:\Windows\setupact.log
    2012-07-29 13:12 - 2011-05-15 09:09 - 00000322 ____A C:\Windows\Tasks\GlaryInitialize.job
    2012-07-29 13:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-29 13:10 - 2011-06-07 16:14 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-440589180-3775189021-4104999474-1003UA.job
    2012-07-29 13:09 - 2012-07-29 13:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B49C4E5ECD026B64
    2012-07-29 13:06 - 2012-04-29 10:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-29 13:03 - 2012-07-29 13:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4B809C6808119114
    2012-07-29 12:55 - 2012-07-29 12:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D6FDDEB4947E9CA3
    2012-07-29 12:49 - 2012-07-29 12:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.812B5C3EDEF22E52
    2012-07-29 12:44 - 2012-07-29 12:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02020D64FB66AFBE
    2012-07-29 12:38 - 2012-07-29 12:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6B231CDB8834A09
    2012-07-29 12:30 - 2012-07-29 12:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.84975627C69DBC0B
    2012-07-29 12:30 - 2012-07-29 12:30 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sugxviod.sys
    2012-07-29 12:26 - 2012-07-29 12:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FFB5E15184CDCBE7
    2012-07-29 12:16 - 2012-07-29 12:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.287C5EF6213BDA97
    2012-07-29 12:09 - 2012-07-29 12:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA18BDA8B78CB390
    2012-07-29 12:02 - 2012-07-29 12:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E55C527928242C7D
    2012-07-29 11:54 - 2012-07-29 11:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C10BD73A0D5D2BD7
    2012-07-29 11:47 - 2012-07-29 11:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.84EAB7D0059B6087
    2012-07-29 11:40 - 2012-07-29 11:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA73E4C08F7D57E4
    2012-07-29 11:31 - 2012-07-29 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC236D077E61A251
    2012-07-29 11:17 - 2012-07-29 11:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02EB557A98B2BA76
    2012-07-29 11:10 - 2012-07-29 10:16 - 306232754 ____A C:\Users\User\Desktop\The.Armory.v2.5.Final.fomod.7z
    2012-07-29 11:09 - 2012-07-29 11:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2F88255341BEF794
    2012-07-29 11:02 - 2011-05-13 16:17 - 00002198 ____A C:\Windows\epplauncher.mif
    2012-07-29 10:57 - 2010-02-10 07:14 - 00798462 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-29 10:55 - 2012-07-29 10:53 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Desktop\mseinstall.exe
    2012-07-29 10:17 - 2012-07-29 09:57 - 112147177 ____A C:\Users\User\Desktop\Project_Nevada_2_5-40040-2-5.7z
    2012-07-29 10:08 - 2012-07-29 10:08 - 01656281 ____A C:\Users\User\Desktop\Waster_Scarf_Fixed_2_0-35597.rar
    2012-07-29 09:52 - 2012-07-29 09:49 - 18503434 ____A C:\Users\User\Desktop\Geonox_Riot_Armor_v1_1-38887-1-1.rar
    2012-07-29 09:51 - 2012-07-29 09:50 - 07195077 ____A C:\Users\User\Desktop\Western_Sky_Beta_3-4-35497-0-3-3.zip
    2012-07-29 09:48 - 2012-07-29 09:48 - 00751325 ____A C:\Users\User\Desktop\nvse_2_beta12.zip
    2012-07-29 09:48 - 2012-07-29 09:48 - 00209885 ____A C:\Users\User\Desktop\The_Weapon_Mod_Menu-44515-1-1.zip
    2012-07-29 09:45 - 2012-07-29 09:45 - 00001229 ____A C:\Users\User\Desktop\Fellout_for_Old_World_Blues-34888-1-0.zip
    2012-07-29 09:44 - 2012-07-29 09:44 - 00020841 ____A C:\Users\User\Desktop\Fellout_1_4_1-34888-1-4-1.zip
    2012-07-29 09:42 - 2012-07-29 09:38 - 37562826 ____A C:\Users\User\Desktop\ST_Robot_Race_v2-43732-2-0.zip
    2012-07-29 09:38 - 2012-07-29 09:29 - 48583765 ____A C:\Users\User\Desktop\UHNV-V4-3-37884-4-3.zip
    2012-07-29 09:28 - 2012-07-29 09:26 - 11269361 ____A C:\Users\User\Desktop\Interior_Lighting_Overhaul-35794-6-4.7z
    2012-07-29 08:58 - 2012-07-29 08:58 - 01404186 ____A (Q, Timeslip ) C:\Users\User\Desktop\FOMM-36901-0-13-21.exe
    2012-07-29 07:51 - 2010-02-10 07:18 - 01940449 ____A C:\Windows\WindowsUpdate.log
    2012-07-28 16:10 - 2011-06-07 16:14 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-440589180-3775189021-4104999474-1003Core.job
    2012-07-28 09:19 - 2012-07-13 16:31 - 00055305 ____A C:\Windows\DirectX.log
    2012-07-28 08:42 - 2009-07-13 20:45 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-28 08:42 - 2009-07-13 20:45 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-27 20:51 - 2012-07-27 20:50 - 47105625 ____A C:\Users\User\Desktop\arlower-full-strengthened1.STL
    2012-07-26 17:05 - 2012-04-29 10:28 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-26 17:05 - 2011-07-07 04:12 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-26 03:28 - 2011-12-20 20:21 - 00000132 ____A C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-07-25 19:25 - 2012-06-27 15:34 - 00005270 ____A C:\Windows\PFRO.log
    2012-07-25 09:30 - 2012-07-25 09:30 - 00800824 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\DPInst.exe
    2012-07-25 09:30 - 2012-07-25 09:30 - 00106496 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\gacutil.exe
    2012-07-25 09:30 - 2012-07-25 09:30 - 00036352 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\PnPutil.exe
    2012-07-24 17:36 - 2009-07-13 21:13 - 00784486 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-24 10:33 - 2012-07-24 17:35 - 290767197 ____A C:\Users\User\Desktop\Breaking.Bad.S05E02.Madrigal.HDTV.x264-FQM.mp4
    2012-07-23 22:36 - 2012-07-23 22:36 - 00000978 ____A C:\Users\User\Desktop\Untitled 1.odt - Shortcut.lnk
    2012-07-23 22:00 - 2012-05-06 15:28 - 00000356 ____A C:\Windows\Tasks\Quark Updater.job
    2012-07-17 10:23 - 2012-07-17 10:23 - 00001981 ____A C:\Users\Public\Desktop\Enjin Client.lnk
    2012-07-17 10:20 - 2012-07-17 10:20 - 00853944 ____A (Overwolf) C:\Users\User\Downloads\EnjinInstaller.exe
    2012-07-17 10:17 - 2012-07-17 10:17 - 00001164 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    2012-07-17 10:16 - 2012-07-17 10:15 - 29840912 ____A (TeamSpeak Systems GmbH) C:\Users\User\Downloads\TeamSpeak3-Client-win32-3.0.8.exe
    2012-07-16 21:15 - 2009-07-13 20:45 - 04865424 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-15 10:22 - 2011-04-29 13:54 - 00068344 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-14 15:24 - 2012-07-14 15:24 - 00001451 ____A C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
    2012-07-14 15:24 - 2012-07-14 15:22 - 00014560 ____A C:\Users\User\Documents\Install STAR WARS The Old Republic.log
    2012-07-11 08:31 - 2012-07-11 08:31 - 03743472 ____A (GOG.com ) C:\Users\User\Downloads\Setup_Downloader_3.0.51b.exe
    2012-07-08 15:18 - 2012-07-08 15:18 - 00000995 ____A C:\Users\UpdatusUser\Desktop\WinLauncherXP.lnk
    2012-07-08 14:52 - 2012-07-08 14:52 - 03889704 ____A (Piriform Ltd) C:\Users\User\Downloads\ccsetup320.exe
    2012-07-08 14:52 - 2012-07-08 14:52 - 03889704 ____A (Piriform Ltd) C:\Users\User\Downloads\ccsetup320 (1).exe
    2012-07-08 09:26 - 2012-07-08 09:26 - 00001053 ____A C:\Users\UpdatusUser\Desktop\Notepad++.lnk
    2012-07-08 09:25 - 2012-07-08 09:25 - 05811050 ____A C:\Users\User\Downloads\npp.6.1.5.Installer.exe
    2012-07-06 13:40 - 2011-04-29 16:16 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-07-06 13:40 - 2011-04-29 16:16 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-07-06 13:40 - 2011-04-29 16:16 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-07-06 13:40 - 2011-04-29 16:16 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-07-05 13:26 - 2012-07-05 13:11 - 574566400 ____A C:\Users\User\Downloads\System.Shock.2.PC.Game.[FROSTY].iso
    2012-07-05 08:19 - 2012-07-05 08:19 - 00010952 ____A C:\Users\User\Desktop\windsurfer-Pocket-To-Do-b548211.zip
    2012-06-30 13:05 - 2009-07-13 21:08 - 00032638 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-27 14:13 - 2012-06-27 14:13 - 00000000 ____A C:\Windows\PowerReg.dat
    2012-06-25 16:04 - 2012-06-01 14:59 - 732219392 ____A C:\Users\User\Downloads\Looking For Comedy In The Muslim World.avi
    2012-06-21 13:03 - 2012-06-21 13:03 - 00002239 ____A C:\Users\UpdatusUser\Desktop\SWAT 4 - The Stetchkov Syndicate.lnk
    2012-06-21 12:28 - 2012-06-21 12:28 - 00007110 ____A C:\Users\User\Documents\Eula.txt
    2012-06-15 13:39 - 2012-06-15 13:39 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-14 10:54 - 2012-06-14 10:54 - 00038675 ____A C:\Users\User\Documents\chom.odt
    2012-06-13 06:37 - 2012-06-13 06:36 - 00000030 ____A C:\Users\User\Documents\BATTLENETRESTORE.txt
    2012-06-11 11:42 - 2012-06-11 11:42 - 00286720 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
    2012-06-11 11:42 - 2012-06-11 11:42 - 00073216 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
    2012-06-07 15:16 - 2012-06-07 15:13 - 42418094 ____A C:\Users\User\Downloads\Cortex Command B27.zip
    2012-06-02 14:19 - 2012-06-21 04:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 04:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 04:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 04:48 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 04:48 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 04:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 04:48 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-21 04:48 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-21 04:48 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-30 14:03 - 2012-05-30 14:03 - 00000355 ____A C:\Users\User\Documents\Homegroup - Shortcut.lnk
    2012-05-29 13:56 - 2012-05-29 13:56 - 452975542 ____A C:\Users\User\Downloads\LSD Dream Emulator.rar
    2012-05-22 15:05 - 2012-04-19 16:47 - 00001202 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade Warband - Napoleonic Wars.lnk
    2012-05-22 14:58 - 2012-04-19 16:42 - 00001142 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade Warband.lnk
    2012-05-22 09:12 - 2012-05-22 09:12 - 00139985 ____A C:\Users\User\Downloads\large.jpeg
    2012-05-14 11:27 - 2012-05-14 11:27 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-05-14 11:27 - 2012-03-22 15:59 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-05-14 11:27 - 2012-03-22 15:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-05-14 11:27 - 2012-03-22 15:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-05-14 11:27 - 2011-05-15 09:07 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-08 11:57 - 2012-05-08 11:32 - 1564620800 ____A C:\Users\User\Downloads\Macbeth - Roman Polanski (1971).avi
    2012-05-05 18:19 - 2012-05-05 18:19 - 00000997 ____A C:\Users\UpdatusUser\Desktop\ATITool.lnk
    2012-05-04 12:39 - 2012-05-04 11:26 - 00183772 ____A C:\Users\User\Desktop\DilksOut_backup-2012-05-04.txt
    2012-05-02 20:33 - 2012-05-02 20:33 - 00021836 ____A C:\Users\User\Documents\poems.odt
    2012-05-02 09:43 - 2012-05-02 09:43 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys


    ZeroAccess:
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\n
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L\00000004.@
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L\201d3dde
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U\00000004.@
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U\00000008.@
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U\000000cb.@
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U\80000000.@
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U\80000032.@
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U\80000064.@

    ZeroAccess:
    C:\Users\User\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}
    C:\Users\User\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@
    C:\Users\User\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L
    C:\Users\User\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3838.36 MB
    Available physical RAM: 3246.2 MB
    Total Pagefile: 3836.51 MB
    Available Pagefile: 3236.9 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:456.15 GB) (Free:51.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    4 Drive f: () (Removable) (Total:3.75 GB) (Free:1.27 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 2048 KB
    Disk 1 Online 3839 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 456 GB 1024 KB
    Partition 2 OEM 9 GB 456 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 456 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 12
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 Respawn Rec NTFS Partition 9 GB Healthy Hidden

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 3839 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-28 08:59

    ======================= End Of Log ==========================

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-29 17:27:28
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\WINDOWS\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
  4. Broni

    Broni Malware Annihilator Posts: 46,422   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  5. Goach Mcguirk

    Goach Mcguirk Newcomer, in training Topic Starter

    Critical shutdown errors ceased. I'm attempting to run combofix from my desktop in normal mode; it warns me repeatedly that MSE is running even though I disabled real-time scanning, and then uninstalled it. Should I run it despite the warnings?

    Update: I've decided to run combofix. I figure it's just detecting residuals of MSE.
  6. Goach Mcguirk

    Goach Mcguirk Newcomer, in training Topic Starter

    Everything seemed to go as planned. Here's the combofix log first; the fixlog will be in the following post...

    ComboFix 12-07-29.02 - User 07/29/2012 20:20:06.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2034 [GMT -4:00]
    Running from: c:\users\User\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Default\AppData\Roaming\DPInst.exe
    c:\users\Default\AppData\Roaming\gacutil.exe
    c:\users\Default\AppData\Roaming\PnPutil.exe
    c:\windows\SysWow64\tmpE4D2.tmp
    c:\windows\SysWow64\tmpE4E3.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-30 01:24 . 2012-07-30 01:24 -------- d-----w- C:\FRST
    2012-07-30 00:30 . 2012-07-30 00:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-30 00:30 . 2012-07-30 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-29 14:50 . 2012-07-29 14:50 -------- d-----w- c:\program files (x86)\A Nation of Wind
    2012-07-25 17:32 . 2012-07-25 17:32 -------- d-----w- c:\windows\SysWow64\spool
    2012-07-25 17:30 . 2012-07-25 17:30 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-25 17:30 . 2012-07-25 17:30 -------- d-----w- c:\users\Default\AppData\Roaming\KODAK AiO Home Center356323562
    2012-07-25 15:17 . 2012-07-25 15:17 -------- d-----w- C:\eForm4473
    2012-07-19 11:47 . 2009-09-10 04:08 94208 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_bc7077fe6bc24f707c4cd9b5215e54a53d25c96_cab_0fd1aa7c\OSD_Main.exe
    2012-07-18 12:52 . 2012-07-18 12:52 -------- d-----w- c:\users\User\AppData\Local\SWTOR
    2012-07-17 18:23 . 2012-07-17 18:23 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-07-17 18:23 . 2012-07-17 18:23 -------- d-----w- c:\program files (x86)\Overwolf
    2012-07-17 18:23 . 2012-07-17 18:23 -------- d-----w- c:\program files (x86)\Common Files\Overwolf
    2012-07-17 18:20 . 2012-07-17 18:33 -------- d-----w- c:\users\User\AppData\Local\Overwolf
    2012-07-17 18:13 . 2012-07-17 18:13 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-07-17 18:13 . 2012-07-17 18:13 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-07-16 19:54 . 2012-07-16 19:54 -------- d-----w- c:\program files (x86)\Intrusion2
    2012-07-15 17:37 . 2012-07-15 18:01 -------- d-----w- c:\program files (x86)\Real Lives 2010
    2012-07-15 17:37 . 2009-07-20 17:34 409600 ----a-w- c:\windows\SysWow64\activelock1884.ocx
    2012-07-14 23:23 . 2012-07-14 23:23 -------- d-----w- c:\program files (x86)\Common Files\BioWare
    2012-07-14 14:21 . 2012-07-14 15:04 -------- d-----w- c:\users\User\AppData\Local\ArmA 2 OA
    2012-07-14 04:40 . 2012-07-14 04:40 -------- d-----w- c:\users\User\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
    2012-07-14 00:29 . 2012-07-14 00:30 -------- d-----w- c:\users\User\AppData\Local\ArmA 2
    2012-07-13 21:43 . 2012-07-13 21:43 -------- d-----w- c:\users\User\AppData\Local\SIX_Projects
    2012-07-13 21:05 . 2012-07-14 00:29 -------- d-----w- c:\users\User\AppData\Roaming\six-updater
    2012-07-13 21:05 . 2012-07-13 21:05 -------- d-----w- c:\users\User\AppData\Roaming\six-zsync
    2012-07-13 21:04 . 2012-07-13 21:04 -------- d-----w- c:\program files (x86)\SIX Projects
    2012-07-11 16:31 . 2012-07-11 16:32 -------- d-----w- c:\users\User\AppData\Local\GOG.com
    2012-07-08 23:18 . 2012-07-08 23:19 -------- d-----w- c:\program files (x86)\WinLauncherXP
    2012-07-08 17:26 . 2012-07-08 17:31 -------- d-----w- c:\users\User\AppData\Roaming\Notepad++
    2012-07-08 17:26 . 2012-07-08 17:26 -------- d-----w- c:\program files (x86)\Notepad++
    2012-07-07 23:53 . 2012-07-07 23:53 -------- d-----w- c:\programdata\REVOLT
    2012-07-07 13:52 . 2012-04-09 04:45 53760 ----a-w- c:\windows\system32\ff_acm.acm
    2012-07-07 13:52 . 2012-04-09 04:47 92160 ----a-w- c:\windows\system32\ff_vfw.dll
    2012-07-07 13:52 . 2012-07-07 13:52 -------- d-----w- c:\program files\ffdshow
    2012-07-06 21:40 . 2012-07-06 21:41 -------- d-----w- c:\programdata\RUNNING WITH RIFLES Demo
    2012-07-06 21:40 . 2012-07-06 21:40 -------- d-----w- c:\program files (x86)\RUNNING WITH RIFLES Demo
    2012-07-05 22:35 . 2012-07-05 22:35 -------- d-----w- c:\users\User\AppData\Local\IsolatedStorage
    2012-07-05 16:05 . 2012-07-05 16:05 -------- d-----w- c:\program files (x86)\Cubemen
    2012-06-30 16:28 . 2012-06-30 16:28 -------- d-----w- c:\program files (x86)\DOSBox-0.74
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 01:05 . 2012-04-29 18:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 01:05 . 2011-07-07 12:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-06 21:40 . 2011-04-30 00:16 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-07-06 21:40 . 2011-04-30 00:16 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-07-06 21:40 . 2011-04-30 00:16 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-07-06 21:40 . 2011-04-30 00:16 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-06-11 19:42 . 2012-06-11 19:42 286720 ------w- c:\windows\Setup1.exe
    2012-06-11 19:42 . 2012-06-11 19:42 73216 ----a-w- c:\windows\ST6UNST.EXE
    2012-06-02 22:19 . 2012-06-21 12:48 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 12:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 12:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 12:49 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 12:48 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 12:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 12:48 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 12:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 12:48 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-14 19:27 . 2012-05-14 19:27 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-14 19:27 . 2011-05-15 17:07 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-05-02 17:43 . 2012-05-02 17:43 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1f32b6ba-1806-4e09-b750-3d61209f70f5}"= "c:\program files (x86)\Serif_PagePlus\prxtbSeri.dll" [2011-05-09 176936]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1f32b6ba-1806-4e09-b750-3d61209f70f5}]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1f32b6ba-1806-4e09-b750-3d61209f70f5}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Serif_PagePlus\prxtbSeri.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{1f32b6ba-1806-4e09-b750-3d61209f70f5}"= "c:\program files (x86)\Serif_PagePlus\prxtbSeri.dll" [2011-05-09 176936]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1f32b6ba-1806-4e09-b750-3d61209f70f5}]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
    "WallpaperChanger"="c:\program files (x86)\Wallpaper Master\Wallpaper.exe" [2005-11-08 321536]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-23 3077528]
    "DeadIslandHelper"="c:\games and programs\Dead Island Helper.exe" [2011-09-24 189952]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SpiderOak"="c:\program files (x86)\SpiderOak\SpiderOak.exe" [2011-06-16 53760]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    "F.lux"="c:\users\User\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-12 880496]
    "Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-01 932528]
    "Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2012-07-15 35256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "OSD"="c:\program files\OSD\Launch.exe" [2009-05-12 36864]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-29 75048]
    "FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SpybotSnD"="c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    .
    c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli FAPassSync
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-03-22 131912]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
    R3 GPU-Z;GPU-Z;c:\users\User\AppData\Local\Temp\GPU-Z.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2012-07-15 18360]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-12 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    R3 X6va005;X6va005;c:\users\User\AppData\Local\Temp\005DFA5.tmp [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-02 283200]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/10 07:34];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-16 07:28 146928]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\AESTSr64.exe [2009-03-03 89600]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
    S2 CustomSvc;Vista Session Launcher Service;c:\program files\OSD\Service1.exe [2009-02-20 13312]
    S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-06-15 548264]
    S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-22 381248]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 35104]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 01:05]
    .
    2012-07-30 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2011-05-15 21:24]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-440589180-3775189021-4104999474-1003Core.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-08 00:14]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-440589180-3775189021-4104999474-1003UA.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-08 00:14]
    .
    2012-07-24 c:\windows\Tasks\Quark Updater.job
    - c:\program files (x86)\Quark\Quark Update\AutoUpdate.exe [2011-11-25 18:56]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-26 487424]
    "Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2010-02-10 4620288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-10 171520]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-09-22 1692264]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jbdlc6h7.default\
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - user.js: extentions.y2layers.installId - b4a2610f-1b4f-4335-9758-b2abc6ebee31
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    FF - user.js: extensions.autoDisableScopes - 14
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-FAStartup - (no file)
    Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    HKLM-Run-OSD CC - c:\program files (x86)\OSD\Launch_CC.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
    AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
    AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005]
    "ImagePath"="\??\c:\users\User\AppData\Local\Temp\005DFA5.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-440589180-3775189021-4104999474-1003\Software\SecuROM\License information*]
    "datasecu"=hex:47,16,a0,0b,64,b0,a6,c6,9d,92,17,d6,a1,13,30,d1,72,86,19,14,69,
    3d,32,bf,f9,43,3a,49,8b,e7,0c,01,46,be,09,13,3f,94,2d,7d,3b,03,ff,ca,dc,42,\
    "rkeysecu"=hex:ad,b4,b8,96,a9,1a,bb,25,74,95,f4,c0,11,b0,0c,7a
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-07-29 20:41:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-30 00:41
    .
    Pre-Run: 55,102,345,216 bytes free
    Post-Run: 54,903,341,056 bytes free
    .
    - - End Of File - - 081821FD33C024839388E19DCD107D74
  7. Goach Mcguirk

    Goach Mcguirk Newcomer, in training Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-29 19:39:59 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\System32\services.exe.36ACFADE8A9ADCF6 moved successfully.
    C:\Windows\System32\services.exe.B49C4E5ECD026B64 moved successfully.
    C:\Windows\System32\services.exe.4B809C6808119114 moved successfully.
    C:\Windows\System32\services.exe.D6FDDEB4947E9CA3 moved successfully.
    C:\Windows\System32\services.exe.812B5C3EDEF22E52 moved successfully.
    C:\Windows\System32\services.exe.02020D64FB66AFBE moved successfully.
    C:\Windows\System32\services.exe.A6B231CDB8834A09 moved successfully.
    C:\Windows\System32\services.exe.84975627C69DBC0B moved successfully.
    C:\Windows\System32\Drivers\sugxviod.sys moved successfully.
    C:\Windows\System32\services.exe.FFB5E15184CDCBE7 moved successfully.
    C:\Windows\System32\services.exe.287C5EF6213BDA97 moved successfully.
    C:\Windows\System32\services.exe.BA18BDA8B78CB390 moved successfully.
    C:\Windows\System32\services.exe.E55C527928242C7D moved successfully.
    C:\Windows\System32\services.exe.C10BD73A0D5D2BD7 moved successfully.
    C:\Windows\System32\services.exe.84EAB7D0059B6087 moved successfully.
    C:\Windows\System32\services.exe.EA73E4C08F7D57E4 moved successfully.
    C:\Windows\System32\services.exe.AC236D077E61A251 moved successfully.
    C:\Windows\System32\Drivers\etc\hosts.20120729-153039.backup moved successfully.
    C:\Windows\System32\services.exe.02EB557A98B2BA76 moved successfully.
    C:\Windows\System32\services.exe.2F88255341BEF794 moved successfully.
    C:\Windows\Installer\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} moved successfully.
    C:\Users\User\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\WINDOWS\System32\services.exe moved successfully.
    C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\WINDOWS\System32\services.exe

    ==== End of Fixlog ====
  8. Broni

    Broni Malware Annihilator Posts: 46,422   +252

    Good :).

    Any current issues?

    ============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. Goach Mcguirk

    Goach Mcguirk Newcomer, in training Topic Starter

    Everything looks nice. Windows firewall started back up, and the Adobe Flash auto updater ran. Logs:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    User :: BEEMO [administrator]

    7/29/2012 9:01:20 PM
    mbam-log-2012-07-29 (21-01-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234979
    Time elapsed: 5 minute(s), 35 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    OTL Extras logfile created on: 7/29/2012 9:09:39 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\User\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 57.47% Memory free
    7.50 Gb Paging File | 5.10 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 456.15 Gb Total Space | 51.24 Gb Free Space | 11.23% Space Free | Partition Type: NTFS
    Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 3.75 Gb Total Space | 1.27 Gb Free Space | 34.01% Space Free | Partition Type: FAT32

    Computer Name: BEEMO | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{74D7D77B-5D21-47C3-A583-AC43322AA654}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B21CE4BB-C3EE-44C5-8B03-829A8DCF78C9}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{900EFAF3-738B-484E-A0B8-E29462383205}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{91F4C3B9-D4E9-4D67-A030-71086B5B4E7B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{19F589FC-BEBD-4832-ABD1-6069CD5FC0F2}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "TCP Query User{FA05B5EC-CFF2-44FD-BA17-FB1102751437}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{3B91172A-AAEE-48F9-B4B4-4766CAD40028}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "UDP Query User{B9BA86AA-0A37-4B3B-B706-9A38F63C03CB}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
    "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.38
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.38
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.38
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "1ECF77EA0B590A72334E5A399ACB5AB27C3D88EE" = Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (05/01/2009 5.1.0000.1)
    "Broadcom Wireless Utility" = Broadcom Wireless Utility
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
    "Defraggler" = Defraggler
    "ffdshow64_is1" = ffdshow x64 v1.2.4422 [2012-04-09]
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Drivers" = NVIDIA Drivers
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1444451B-FF08-4CC5-A639-A9A774AC12C7}" = Easy Phone Tunes
    "{16225228-3EF6-4922-9D67-56EEAB2E9353}_is1" = Intrusion 2 Demo version 1
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
    "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
    "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.0
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83216025F0}" = Java(TM) 6 Update 25
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
    "{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{354D00E0-C7C9-4BC1-BC12-08C4977AA827}" = SlimDX Redistributable (June 2010)
    "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{4112C8A7-C17E-4729-8A3E-5236176A61BD}_is1" = A Nation of Wind version Beta 1.0
    "{45410935-B52C-468A-A836-0D1000058201}" = BulletStorm
    "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.51
    "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
    "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.1.0
    "{5ABD42BC-4DDD-48C7-9951-48B31F27EC39}_is1" = RUNNING WITH RIFLES Demo version 0.67
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{82154114-943B-4A6F-9B20-073C9573E93E}" = Quark Update
    "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AF7479C-B28D-4BFF-867B-4755DE019259}_is1" = MountMusket Battalion
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{950FE13D-337A-4B4C-BD30-E95EC93484A3}" = Overwolf
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A93F2D1C-9146-41BC-B662-60DB662B1FFA}_is1" = Gnomoria Demo version 0.8.2.1
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
    "{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
    "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
    "{CE949716-2A5A-40F2-BA31-54CE71B37FE5}" = QuarkXPress
    "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
    "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
    "{ddcbf514-1394-434a-bafd-7426ad849394}" = Nero 9 Essentials
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
    "{E2948988-2C6C-4070-BC8B-A1D77FE97D09}_is1" = Running with rifles version 0.35
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
    "{E78C63C9-9849-45FA-8315-2AE38A293E2E}_is1" = DoomRL version 0.9.9.6
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Modern Air Combat
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
    "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "1824-5726-7816-7128" = eForm 4473 Application 2.0
    "1ClickDownloader" = 1ClickDownloader
    "A New Zero" = A New Zero
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Afterburner" = MSI Afterburner 2.2.0
    "AHL2" = AHL2 v2.0
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
    "Armadillo Run_is1" = Armadillo Run 1.0.3
    "ATITool" = ATITool Overclocking Utility
    "Audacity_is1" = Audacity 1.2.6
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "BattlEye for A2" = BattlEye Uninstall
    "BattlEye for OA" = BattlEye for OA Uninstall
    "Blockade Runner1.28" = Blockade Runner
    "Botanicula_is1" = Botanicula
    "Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Cobalt" = Cobalt
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Comical_is1" = Comical 0.8
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "dBpoweramp DSP Effects" = dBpoweramp DSP Effects
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "Diablo II" = Diablo II
    "Diablo III" = Diablo III
    "DivX Codec" = DivX Codec
    "ESN Sonar-0.70.0" = ESN Sonar
    "ESN Sonar-0.70.4" = ESN Sonar
    "FLAC To MP3_is1" = FLAC To MP3 V4.0.4
    "Fraps" = Fraps
    "Freespace 2_is1" = Freespace 2
    "Gary Grigsby's War in the East1.00" = Gary Grigsby's War in the East
    "Glary Utilities_is1" = Glary Utilities 2.33.0.1158
    "Gratuitous Space Battles_is1" = GSB Parasites Expansion Pack
    "ImgBurn" = ImgBurn
    "Impulse" = Impulse
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - The Stetchkov Syndicate
    "InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "IrfanView" = IrfanView (remove only)
    "JamestownFinal" = Jamestown
    "King Arthur's Gold (Alpha)_is1" = KAG 0.88A
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Leaders of VD" = Leaders of VD (remove only)
    "Legend of Grimrock_is1" = Legend of Grimrock
    "LillyLookingThrough_is1" = LillyLookingThrough version 1.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "MKVtoolnix" = MKVtoolnix 2.9.8
    "Mount&Blade Warband" = Mount&Blade Warband
    "Mount&Blade: Warband - Napoleonic Wars" = Mount&Blade: Warband - Napoleonic Wars
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "Opera 12.00.1467" = Opera 12.00
    "Origin" = Origin
    "Panzer Corps_is1" = Panzer Corps version 1.0
    "Panzer Corps1.00" = Panzer Corps
    "PrecisionX" = EVGA Precision X 3.0.2
    "Raven_0" = Raven Shield 2.0 English
    "Real Lives 2010" = Real Lives 2010
    "Recettear: An Item Shop's Tale_is1" = Recettear: An Item Shop's Tale
    "Rekkaturvat" = Truck Dismount (remove only)
    "RocketDock_is1" = RocketDock 1.3.5
    "S.W.A.T. 4_is1" = S.W.A.T. 4
    "Sanctum (c) Coffee Stain Studios_is1" = Sanctum (c) Coffee Stain Studios version 1
    "Serif_PagePlus Toolbar" = Serif PagePlus Toolbar
    "Spotify" = Spotify
    "ST6UNST #1" = SAM Simulator
    "Steam App 1200" = Red Orchestra: Ostfront 41-45
    "Steam App 202390" = Vessel Demo
    "Steam App 202480" = Creation Kit
    "Steam App 213510" = Splice
    "Steam App 215020" = Orcs Must Die! 2 Demo
    "Steam App 218" = Source SDK Base 2007
    "Steam App 220" = Half-Life 2
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 320" = Half-Life 2: Deathmatch
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 3483" = Peggle Extreme
    "Steam App 40700" = Machinarium
    "Steam App 41800" = Gratuitous Space Battles
    "Steam App 6910" = Deus Ex: Game of the Year Edition
    "Steam App 7760" = X-COM: UFO Defense
    "Steam App 92800" = SpaceChem
    "Steam App 93200" = Revenge of the Titans
    "Steam App 9500" = Gish
    "Steam App 98800" = Dungeons of Dredmor
    "SystemRequirementsLab" = System Requirements Lab
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "Tiny and Big - Up that Mountain" = Tiny & Big - Up that Mountain (remove only)
    "TrueCrypt" = TrueCrypt
    "Unity_of_Command_DEMO" = Unity of Command DEMO
    "uTorrent" = µTorrent
    "uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
    "VLC media player" = VLC media player 1.1.9
    "Voxatron" = Voxatron 0.1.3
    "Wallpaper Master_is1" = Wallpaper Master v2.16
    "WarInThePacificv100" = War in the Pacific v1.00
    "WBFS Manager 3.0" = WBFS Manager 3.0
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLauncherXP_is1" = WinLauncherXP 2.0.5 beta
    "WinRAR archiver" = WinRAR 4.00 (32-bit)
    "WinSPMBT" = WinSPMBT
    "WinSPWW2 Ver 1.1B Upgrade" = WinSPWW2 Ver 1.1B Upgrade
    "WinSPWW2v1 DL Edition" = WinSPWW2v1 DL Edition
    "WinSPWW2v2 Upgrade" = WinSPWW2v2 Upgrade
    "X3 Editor 2" = X3 Editor 2
    "X-Universe Plugin Manager" = X-Universe Plugin Manager V1.30 by Cycrow
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-440589180-3775189021-4104999474-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "6a8d107093fa4038" = Platformines_Beta
    "Dropbox" = Dropbox
    "Flux" = F.lux
    "FreeTrack v2.2.0.279" = FreeTrack v2.2.0.279
    "Google Chrome" = Google Chrome
    "Spotify" = Spotify
    "UnityWebPlayer" = Unity Web Player
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 4/9/2012 3:43:46 PM | Computer Name = Beemo | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9456797

    Error - 4/9/2012 3:43:46 PM | Computer Name = Beemo | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9456797

    Error - 4/9/2012 5:04:16 PM | Computer Name = Beemo | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 4/9/2012 5:04:16 PM | Computer Name = Beemo | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 15584

    Error - 4/9/2012 5:04:16 PM | Computer Name = Beemo | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 15584

    Error - 4/10/2012 9:49:56 AM | Computer Name = Beemo | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 192.168.254.5:5353 15 5.254.168.192.in-addr.arpa.
    PTR Beemo-2.local.

    Error - 4/10/2012 9:49:56 AM | Computer Name = Beemo | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 13 5.254.168.192.in-addr.arpa.
    PTR Beemo.local.

    Error - 4/10/2012 9:49:56 AM | Computer Name = Beemo | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 192.168.254.4:5353 15 4.254.168.192.in-addr.arpa.
    PTR Beemo-2.local.

    Error - 4/10/2012 9:49:56 AM | Computer Name = Beemo | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 13 4.254.168.192.in-addr.arpa.
    PTR Beemo.local.

    Error - 4/10/2012 11:23:42 PM | Computer Name = Beemo | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    [ Broadcom Wireless LAN Events ]
    Error - 5/12/2012 6:51:01 PM | Computer Name = Beemo | Source = WLAN-Tray | ID = 0
    Description = 18:51:00, Sat, May 12, 12 Error - Unable to gain access to user store


    [ Media Center Events ]
    Error - 12/25/2011 10:47:45 AM | Computer Name = Beemo | Source = MCUpdate | ID = 0
    Description = 9:47:45 AM - Failed to retrieve Directory (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


    Error - 1/22/2012 11:34:27 AM | Computer Name = Beemo | Source = MCUpdate | ID = 0
    Description = 10:34:03 AM - Failed to retrieve SportsV2 (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


    Error - 1/22/2012 11:35:35 AM | Computer Name = Beemo | Source = MCUpdate | ID = 0
    Description = 10:34:42 AM - Failed to retrieve Broadband (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    Error - 2/20/2012 3:28:02 PM | Computer Name = Beemo | Source = MCUpdate | ID = 0
    Description = 2:27:57 PM - Failed to retrieve SportsSchedule (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    [ System Events ]
    Error - 7/29/2012 8:31:09 PM | Computer Name = Beemo | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/29/2012 8:33:55 PM | Computer Name = Beemo | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
    Fusion Service service to connect.

    Error - 7/29/2012 8:33:55 PM | Computer Name = Beemo | Source = Service Control Manager | ID = 7000
    Description = The Alienware Fusion Service service failed to start due to the following
    error: %%1053

    Error - 7/29/2012 8:33:56 PM | Computer Name = Beemo | Source = Service Control Manager | ID = 7000
    Description = The atksgt service failed to start due to the following error: %%2

    Error - 7/29/2012 8:33:58 PM | Computer Name = Beemo | Source = Service Control Manager | ID = 7000
    Description = The lirsgt service failed to start due to the following error: %%2

    Error - 7/29/2012 8:34:04 PM | Computer Name = Beemo | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/29/2012 8:44:37 PM | Computer Name = Beemo | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
    Fusion Service service to connect.

    Error - 7/29/2012 8:44:37 PM | Computer Name = Beemo | Source = Service Control Manager | ID = 7000
    Description = The Alienware Fusion Service service failed to start due to the following
    error: %%1053

    Error - 7/29/2012 8:44:52 PM | Computer Name = Beemo | Source = Service Control Manager | ID = 7000
    Description = The atksgt service failed to start due to the following error: %%2

    Error - 7/29/2012 8:45:05 PM | Computer Name = Beemo | Source = Service Control Manager | ID = 7000
    Description = The lirsgt service failed to start due to the following error: %%2


    < End of report >
  10. Goach Mcguirk

    Goach Mcguirk Newcomer, in training Topic Starter

  11. Broni

    Broni Malware Annihilator Posts: 46,422   +252

    You posted Extras.txt twice.
    I still need OTL.txt log.
  12. Goach Mcguirk

    Goach Mcguirk Newcomer, in training Topic Starter

    Sorry about that; it appears the log is over the character limit for a single post.
  13. Goach Mcguirk

    Goach Mcguirk Newcomer, in training Topic Starter

    I've carefully copied and pasted it in two parts below:

    OTL logfile created on: 7/29/2012 9:09:39 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\User\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 57.47% Memory free
    7.50 Gb Paging File | 5.10 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 456.15 Gb Total Space | 51.24 Gb Free Space | 11.23% Space Free | Partition Type: NTFS
    Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 3.75 Gb Total Space | 1.27 Gb Free Space | 34.01% Space Free | Partition Type: FAT32

    Computer Name: BEEMO | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/29 21:01:49 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    PRC - [2012/07/15 18:52:14 | 000,026,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
    PRC - [2012/07/15 18:52:12 | 000,035,256 | ---- | M] (Overwolf) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
    PRC - [2012/06/19 11:14:40 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/06/15 15:44:04 | 000,548,264 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    PRC - [2012/06/13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2012/06/01 12:45:34 | 000,932,528 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/12 18:57:44 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2012/04/17 11:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2012/03/15 01:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    PRC - [2012/02/16 14:43:41 | 000,076,888 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    PRC - [2011/09/24 08:53:47 | 000,189,952 | ---- | M] (Microsoft) -- C:\Games And Programs\Dead Island Helper.exe
    PRC - [2011/09/22 18:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/09/22 12:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/08/23 13:47:38 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    PRC - [2011/08/02 03:17:52 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/05/21 15:34:38 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    PRC - [2010/05/21 15:33:48 | 000,063,304 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    PRC - [2010/04/04 14:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    PRC - [2010/04/04 14:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
    PRC - [2010/04/04 14:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
    PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\User\Local Settings\Apps\F.lux\flux.exe
    PRC - [2009/05/15 11:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/04/28 23:50:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    PRC - [2009/04/16 03:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/02/20 09:13:04 | 000,013,312 | ---- | M] () -- C:\Program Files\OSD\Service1.exe
    PRC - [2009/02/19 10:45:42 | 000,020,480 | ---- | M] (Alienware Corporation) -- C:\Program Files\OSD\Launch_CC.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
    PRC - [2005/11/08 15:13:02 | 000,321,536 | ---- | M] (James Garton) -- C:\Program Files (x86)\Wallpaper Master\Wallpaper.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/15 18:52:28 | 000,476,600 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWServer.dll
    MOD - [2012/07/15 18:52:28 | 000,117,688 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWService.dll
    MOD - [2012/07/15 18:52:28 | 000,080,312 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll
    MOD - [2012/07/15 18:52:28 | 000,058,368 | ---- | M] () -- C:\Program Files (x86)\Overwolf\BrowserWindow.dll
    MOD - [2012/07/15 18:52:28 | 000,023,480 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWInjector.dll
    MOD - [2012/07/15 18:52:24 | 012,452,280 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll
    MOD - [2012/07/15 18:52:20 | 000,074,680 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWExplorer-1066.dll
    MOD - [2012/07/15 18:52:20 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Overwolf\CoreAudioApi.dll
    MOD - [2012/07/15 18:52:14 | 000,028,088 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWLog.dll
    MOD - [2012/07/15 18:52:14 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Overwolf\ODK.AddIns.V1.HostView.dll
    MOD - [2012/07/15 18:52:12 | 000,027,064 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWExplorerLauncher.dll
    MOD - [2012/06/19 11:14:37 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/06/19 11:14:35 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/06/19 11:14:33 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/06/19 11:14:31 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/06/19 11:14:29 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/06/01 12:45:34 | 000,932,528 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MOD - [2012/04/12 21:20:35 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\688abb339fb8301c37b0889a0d01dfa3\WindowsFormsIntegration.ni.dll
    MOD - [2012/04/12 21:19:15 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\32d21563937263ee3ae9eecfa59fdc3d\System.AddIn.Contract.ni.dll
    MOD - [2012/04/12 21:19:14 | 000,633,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\05c4011ad0068d0af722b4b52677d915\System.AddIn.ni.dll
    MOD - [2012/04/12 21:07:53 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
    MOD - [2012/04/12 21:07:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
    MOD - [2012/04/12 19:18:04 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
    MOD - [2012/04/12 19:18:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll
    MOD - [2012/04/12 19:17:42 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\79f80214eded08cc047324ffc7486bb8\System.Data.ni.dll
    MOD - [2012/04/12 19:17:31 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
    MOD - [2012/04/12 19:17:15 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
    MOD - [2012/04/12 19:17:06 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
    MOD - [2012/04/12 19:17:03 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
    MOD - [2012/04/12 19:16:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
    MOD - [2012/04/12 19:16:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
    MOD - [2012/04/12 19:16:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
    MOD - [2012/04/12 19:16:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
    MOD - [2012/04/12 19:16:32 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    MOD - [2012/03/02 11:48:05 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
    MOD - [2012/03/02 11:48:05 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll
    MOD - [2012/03/02 11:48:05 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll
    MOD - [2012/03/02 11:48:05 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
    MOD - [2012/03/02 11:48:05 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
    MOD - [2012/03/02 11:48:04 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll
    MOD - [2012/03/02 11:48:04 | 000,037,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
    MOD - [2012/03/02 11:48:04 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
    MOD - [2012/03/02 11:48:04 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
    MOD - [2012/03/02 11:48:04 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
    MOD - [2012/03/02 11:48:04 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
    MOD - [2012/03/02 11:48:04 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
    MOD - [2012/03/02 11:48:04 | 000,025,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
    MOD - [2012/03/02 11:48:04 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
    MOD - [2012/03/02 11:48:04 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
    MOD - [2012/03/02 11:48:04 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll
    MOD - [2012/03/02 11:48:03 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll
    MOD - [2011/08/23 13:47:38 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/31 00:01:54 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/11/04 21:53:30 | 000,163,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
    MOD - [2010/11/04 21:53:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    MOD - [2010/04/04 14:45:06 | 000,089,416 | ---- | M] () -- C:\WINDOWS\SysWOW64\FAIEExtension.dll
    MOD - [2010/04/04 14:42:44 | 000,247,624 | ---- | M] () -- C:\WINDOWS\SysWOW64\FACrashRpt.dll
    MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\User\Local Settings\Apps\F.lux\flux.exe
    MOD - [2009/06/24 19:31:45 | 000,059,144 | ---- | M] () -- C:\WINDOWS\SysWOW64\FAib.dll
    MOD - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
    MOD - [2007/09/02 15:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/05/21 11:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
    SRV:64bit: - [2010/04/04 14:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
    SRV:64bit: - [2010/02/10 11:27:55 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/08/26 01:28:40 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/03/02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2009/02/20 09:13:04 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\Program Files\OSD\Service1.exe -- (CustomSvc)
    SRV - [2012/07/29 21:01:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/17 14:13:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/15 18:52:08 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
    SRV - [2012/06/19 11:14:40 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/06/15 15:44:04 | 000,548,264 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
    SRV - [2012/03/22 19:52:43 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
    SRV - [2012/03/15 01:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
    SRV - [2012/02/16 14:43:41 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
    SRV - [2011/09/22 18:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/09/22 12:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/09/19 16:59:40 | 000,278,336 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/08/26 01:28:40 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\STacSV64.exe -- (STacSV)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/15 11:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/03/02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\AESTSr64.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/02 13:43:20 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/02/06 23:54:01 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
    DRV:64bit: - [2010/07/13 10:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\itecir.sys -- (itecir)
    DRV:64bit: - [2010/02/10 11:27:55 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/02/10 11:27:55 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2009/10/23 14:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
    DRV:64bit: - [2009/08/26 01:28:40 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/07/02 22:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/07/02 22:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/07/02 22:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/07/02 22:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/06/25 21:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2009/06/25 20:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2009/06/25 20:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/09/24 23:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\facap.sys -- (FACAP)
    DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ATITool64.sys -- (ATITool)
    DRV:64bit: - [2006/11/02 16:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/04/16 03:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/10 07:34:26] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {1f32b6ba-1806-4e09-b750-3d61209f70f5} - C:\Program Files (x86)\Serif_PagePlus\prxtbSeri.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3000917


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com


    IE - HKU\S-1-5-21-440589180-3775189021-4104999474-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-440589180-3775189021-4104999474-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 BF 0D 87 68 C3 CC 01 [binary data]
    IE - HKU\S-1-5-21-440589180-3775189021-4104999474-1003\..\URLSearchHook: {1f32b6ba-1806-4e09-b750-3d61209f70f5} - C:\Program Files (x86)\Serif_PagePlus\prxtbSeri.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-440589180-3775189021-4104999474-1003\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-440589180-3775189021-4104999474-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-440589180-3775189021-4104999474-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-440589180-3775189021-4104999474-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3000917
    IE - HKU\S-1-5-21-440589180-3775189021-4104999474-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-440589180-3775189021-4104999474-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 14:13:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/22 19:26:29 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 14:13:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/22 19:26:29 | 000,000,000 | ---D | M]

    [2011/06/18 23:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
    [2012/07/23 22:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jbdlc6h7.default\extensions
    [2012/07/17 14:14:02 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jbdlc6h7.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/05/22 15:28:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jbdlc6h7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012/03/15 11:44:08 | 000,000,000 | ---D | M] (HNG downloader/starter (live)) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jbdlc6h7.default\extensions\npretoxlive@live.heroesandgenerals.com
    [2012/05/04 16:49:59 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jbdlc6h7.default\extensions\plugin@yontoo.com
    [2012/07/17 14:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/09/12 21:43:21 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/07/26 03:54:04 | 000,022,573 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JBDLC6H7.DEFAULT\EXTENSIONS\{987311C6-B504-4AA2-90BF-60CC49808D42}.XPI
    [2012/07/17 14:13:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2008/07/08 17:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll
    [2012/07/17 14:13:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/17 14:13:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
  14. Goach Mcguirk

    Goach Mcguirk Newcomer, in training Topic Starter

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage:
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: Kingdom Rush = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aijhmofidkkiacjefgflgilhklblpjcm\1.0_0\
    CHR - Extension: Angry Birds = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: From Dust = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj\0.0.0.23_0\
    CHR - Extension: Kingdom Rush = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\
    CHR - Extension: AirMech = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn\7415_0\
    CHR - Extension: Paladog = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikilpieboaolkllfacgefocjpdpnobke\2.3.1_0\
    CHR - Extension: Metal Slug 3 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfgfbbjfkdagnkbgjpknoeojjbpcjcop\3.2_0\
    CHR - Extension: 1Click Downloader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.1_0\
    CHR - Extension: Gravity Duck = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\
    CHR - Extension: Hacker Vs Hacker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\liagglcdcopmflkgefpaifbbmnfpbpdd\1.2_0\
    CHR - Extension: Click to call with Skype = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
    CHR - Extension: Bastion = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid\0.0.0.4_0\
    CHR - Extension: uTorrentControl2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\

    O1 HOSTS File: ([2012/07/29 20:34:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Serif PagePlus Toolbar) - {1f32b6ba-1806-4e09-b750-3d61209f70f5} - C:\Program Files (x86)\Serif_PagePlus\prxtbSeri.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
    O3 - HKLM\..\Toolbar: (Serif PagePlus Toolbar) - {1f32b6ba-1806-4e09-b750-3d61209f70f5} - C:\Program Files (x86)\Serif_PagePlus\prxtbSeri.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
    O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4:64bit: - HKLM..\Run: [OSD CC] C:\Program Files\OSD\Launch_CC.exe (Alienware Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [OSD] c:\Program Files\OSD\Launch.exe (HH)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [DeadIslandHelper] C:\Games And Programs\Dead Island Helper.exe (Microsoft)
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [F.lux] C:\Users\User\Local Settings\Apps\F.lux\flux.exe ()
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf)
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [SpiderOak] C:\Program Files (x86)\SpiderOak\SpiderOak.exe (SpiderOak)
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003..\Run: [WallpaperChanger] C:\Program Files (x86)\Wallpaper Master\Wallpaper.exe (James Garton)
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-440589180-3775189021-4104999474-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-440589180-3775189021-4104999474-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-440589180-3775189021-4104999474-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CFB611E-7E08-4852-B45E-48E65BD717A6}: DhcpNameServer = 192.168.254.254 192.168.254.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B4B365-149C-453F-BC22-D63B14913462}: DhcpNameServer = 192.168.254.254 192.168.254.254
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/29 21:24:13 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/29 21:06:07 | 000,998,720 | ---- | C] (Solid State Networks) -- C:\Users\User\Desktop\install_flashplayer11x32_chra_aih.exe
    [2012/07/29 21:01:49 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2012/07/29 20:44:45 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
    [2012/07/29 20:41:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/29 20:34:50 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/29 20:17:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/29 20:17:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/29 20:17:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/29 19:58:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/29 19:58:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/29 19:45:40 | 004,721,417 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
    [2012/07/29 12:58:17 | 001,404,186 | ---- | C] (Q, Timeslip ) -- C:\Users\User\Desktop\FOMM-36901-0-13-21.exe
    [2012/07/29 10:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Nation of Wind
    [2012/07/29 10:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A Nation of Wind
    [2012/07/28 13:20:05 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Shiner
    [2012/07/25 13:32:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
    [2012/07/25 13:30:25 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/07/25 11:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eForm 4473 Application
    [2012/07/25 11:17:53 | 000,000,000 | ---D | C] -- C:\eForm4473
    [2012/07/18 08:52:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\SWTOR
    [2012/07/18 08:52:35 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\HeroBlade Logs
    [2012/07/17 21:07:52 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Frogatto_1.1.1_Win
    [2012/07/17 14:23:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enjin Client
    [2012/07/17 14:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/07/17 14:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Overwolf
    [2012/07/17 14:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Overwolf
    [2012/07/17 14:20:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Overwolf
    [2012/07/16 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\intrusion2
    [2012/07/16 15:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intrusion 2
    [2012/07/16 15:54:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intrusion2
    [2012/07/15 13:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Lives 2010
    [2012/07/15 13:37:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real Lives 2010
    [2012/07/15 13:37:10 | 000,409,600 | ---- | C] (ActiveLock) -- C:\Windows\SysWow64\activelock1884.ocx
    [2012/07/14 19:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
    [2012/07/14 19:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
    [2012/07/14 10:21:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ArmA 2 OA
    [2012/07/14 00:40:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
    [2012/07/13 20:29:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ArmA 2
    [2012/07/13 17:43:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\SIX_Projects
    [2012/07/13 17:05:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\six-updater
    [2012/07/13 17:05:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\six-zsync
    [2012/07/13 17:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects
    [2012/07/13 17:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects
    [2012/07/12 18:38:23 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\GTA San Andreas User Files
    [2012/07/12 01:08:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Erasure - Hits [The Very Best of Erasure]
    [2012/07/11 13:45:38 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\07-11-2012
    [2012/07/11 12:32:45 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\GOG.com Downloads
    [2012/07/11 12:31:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\GOG.com
    [2012/07/08 19:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinLauncherXP
    [2012/07/08 19:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinLauncherXP
    [2012/07/08 13:26:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2012/07/08 13:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2012/07/08 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Notepad++
    [2012/07/08 13:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
    [2012/07/07 20:55:21 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Endless Space
    [2012/07/07 19:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
    [2012/07/07 09:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64
    [2012/07/07 09:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
    [2012/07/06 18:22:30 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\SS2MM_1.10_Beta_Build_0.0.4.048_installer
    [2012/07/06 17:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RUNNING WITH RIFLES Demo
    [2012/07/06 17:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RUNNING WITH RIFLES Demo
    [2012/07/06 17:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RUNNING WITH RIFLES Demo
    [2012/07/05 18:35:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\IsolatedStorage
    [2012/07/05 18:35:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magiko Gaming
    [2012/07/05 12:05:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cubemen
    [2012/07/05 12:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cubemen
    [2012/06/30 12:33:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\opentyrian-628c01-win32
    [2012/06/30 12:33:02 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\coskyoto
    [2012/06/30 12:32:54 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\fantavision
    [2012/06/30 12:32:45 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Wasteland+(1987)(Electronic+Arts+Inc)
    [2012/06/30 12:32:37 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\shadpres
    [2012/06/30 12:32:00 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Alter+Ego-+Male+(1986)(Activision,+Inc.)+[Simulation]
    [2012/06/30 12:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
    [2012/06/30 12:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
    [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/29 21:10:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-440589180-3775189021-4104999474-1003UA.job
    [2012/07/29 21:08:46 | 000,001,478 | ---- | M] () -- C:\Users\User\Desktop\post.rtf
    [2012/07/29 21:06:07 | 000,998,720 | ---- | M] (Solid State Networks) -- C:\Users\User\Desktop\install_flashplayer11x32_chra_aih.exe
    [2012/07/29 21:05:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/29 21:01:49 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2012/07/29 20:59:34 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/29 20:52:39 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/29 20:52:39 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/29 20:44:17 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2012/07/29 20:43:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/29 20:43:00 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/29 20:34:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/29 20:10:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-440589180-3775189021-4104999474-1003Core.job
    [2012/07/29 20:01:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/29 20:01:12 | 000,661,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/29 20:01:12 | 000,122,182 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/29 19:45:48 | 004,721,417 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
    [2012/07/29 15:10:09 | 306,232,754 | ---- | M] () -- C:\Users\User\Desktop\The.Armory.v2.5.Final.fomod.7z
    [2012/07/29 14:57:39 | 000,798,462 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/29 14:17:41 | 112,147,177 | ---- | M] () -- C:\Users\User\Desktop\Project_Nevada_2_5-40040-2-5.7z
    [2012/07/29 14:08:51 | 001,656,281 | ---- | M] () -- C:\Users\User\Desktop\Waster_Scarf_Fixed_2_0-35597.rar
    [2012/07/29 13:52:35 | 018,503,434 | ---- | M] () -- C:\Users\User\Desktop\Geonox_Riot_Armor_v1_1-38887-1-1.rar
    [2012/07/29 13:51:53 | 007,195,077 | ---- | M] () -- C:\Users\User\Desktop\Western_Sky_Beta_3-4-35497-0-3-3.zip
    [2012/07/29 13:48:29 | 000,751,325 | ---- | M] () -- C:\Users\User\Desktop\nvse_2_beta12.zip
    [2012/07/29 13:48:21 | 000,209,885 | ---- | M] () -- C:\Users\User\Desktop\The_Weapon_Mod_Menu-44515-1-1.zip
    [2012/07/29 13:45:00 | 000,001,229 | ---- | M] () -- C:\Users\User\Desktop\Fellout_for_Old_World_Blues-34888-1-0.zip
    [2012/07/29 13:44:27 | 000,020,841 | ---- | M] () -- C:\Users\User\Desktop\Fellout_1_4_1-34888-1-4-1.zip
    [2012/07/29 13:42:20 | 037,562,826 | ---- | M] () -- C:\Users\User\Desktop\ST_Robot_Race_v2-43732-2-0.zip
    [2012/07/29 13:38:02 | 048,583,765 | ---- | M] () -- C:\Users\User\Desktop\UHNV-V4-3-37884-4-3.zip
    [2012/07/29 13:28:53 | 011,269,361 | ---- | M] () -- C:\Users\User\Desktop\Interior_Lighting_Overhaul-35794-6-4.7z
    [2012/07/29 12:58:19 | 001,404,186 | ---- | M] (Q, Timeslip ) -- C:\Users\User\Desktop\FOMM-36901-0-13-21.exe
    [2012/07/28 00:51:22 | 047,105,625 | ---- | M] () -- C:\Users\User\Desktop\arlower-full-strengthened1.STL
    [2012/07/26 07:28:24 | 000,000,132 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/07/24 21:36:38 | 000,784,486 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/24 14:33:50 | 290,767,197 | ---- | M] () -- C:\Users\User\Desktop\Breaking.Bad.S05E02.Madrigal.HDTV.x264-FQM.mp4
    [2012/07/24 02:36:42 | 000,000,978 | ---- | M] () -- C:\Users\User\Desktop\Untitled 1.odt - Shortcut.lnk
    [2012/07/24 02:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\Quark Updater.job
    [2012/07/17 14:23:51 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Enjin Client.lnk
    [2012/07/17 14:17:29 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    [2012/07/17 01:15:34 | 004,865,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/14 19:24:14 | 000,001,451 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
    [2012/07/06 17:40:30 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/07/06 17:40:30 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012/07/05 19:58:28 | 020,563,031 | ---- | M] () -- C:\Users\User\Documents\eBay Business All-In-One Desk Reference for Dummies.pdf
    [2012/07/05 12:19:13 | 000,010,952 | ---- | M] () -- C:\Users\User\Desktop\windsurfer-Pocket-To-Do-b548211.zip
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/29 21:08:46 | 000,001,478 | ---- | C] () -- C:\Users\User\Desktop\post.rtf
    [2012/07/29 20:59:34 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/29 20:17:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/29 20:17:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/29 20:17:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/29 20:17:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/29 20:17:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/29 14:16:48 | 306,232,754 | ---- | C] () -- C:\Users\User\Desktop\The.Armory.v2.5.Final.fomod.7z
    [2012/07/29 14:08:51 | 001,656,281 | ---- | C] () -- C:\Users\User\Desktop\Waster_Scarf_Fixed_2_0-35597.rar
    [2012/07/29 13:57:07 | 112,147,177 | ---- | C] () -- C:\Users\User\Desktop\Project_Nevada_2_5-40040-2-5.7z
    [2012/07/29 13:50:32 | 007,195,077 | ---- | C] () -- C:\Users\User\Desktop\Western_Sky_Beta_3-4-35497-0-3-3.zip
    [2012/07/29 13:49:47 | 018,503,434 | ---- | C] () -- C:\Users\User\Desktop\Geonox_Riot_Armor_v1_1-38887-1-1.rar
    [2012/07/29 13:48:29 | 000,751,325 | ---- | C] () -- C:\Users\User\Desktop\nvse_2_beta12.zip
    [2012/07/29 13:48:19 | 000,209,885 | ---- | C] () -- C:\Users\User\Desktop\The_Weapon_Mod_Menu-44515-1-1.zip
    [2012/07/29 13:45:00 | 000,001,229 | ---- | C] () -- C:\Users\User\Desktop\Fellout_for_Old_World_Blues-34888-1-0.zip
    [2012/07/29 13:44:27 | 000,020,841 | ---- | C] () -- C:\Users\User\Desktop\Fellout_1_4_1-34888-1-4-1.zip
    [2012/07/29 13:38:09 | 037,562,826 | ---- | C] () -- C:\Users\User\Desktop\ST_Robot_Race_v2-43732-2-0.zip
    [2012/07/29 13:29:35 | 048,583,765 | ---- | C] () -- C:\Users\User\Desktop\UHNV-V4-3-37884-4-3.zip
    [2012/07/29 13:26:52 | 011,269,361 | ---- | C] () -- C:\Users\User\Desktop\Interior_Lighting_Overhaul-35794-6-4.7z
    [2012/07/28 00:50:17 | 047,105,625 | ---- | C] () -- C:\Users\User\Desktop\arlower-full-strengthened1.STL
    [2012/07/24 21:35:24 | 290,767,197 | ---- | C] () -- C:\Users\User\Desktop\Breaking.Bad.S05E02.Madrigal.HDTV.x264-FQM.mp4
    [2012/07/24 02:36:42 | 000,000,978 | ---- | C] () -- C:\Users\User\Desktop\Untitled 1.odt - Shortcut.lnk
    [2012/07/17 14:23:51 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Enjin Client.lnk
    [2012/07/17 14:17:29 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    [2012/07/14 19:24:14 | 000,001,451 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
    [2012/07/07 09:52:06 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\ff_acm.acm
    [2012/07/07 09:52:05 | 000,092,160 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
    [2012/07/05 19:57:09 | 020,563,031 | ---- | C] () -- C:\Users\User\Documents\eBay Business All-In-One Desk Reference for Dummies.pdf
    [2012/07/05 12:19:13 | 000,010,952 | ---- | C] () -- C:\Users\User\Desktop\windsurfer-Pocket-To-Do-b548211.zip
    [2012/06/27 18:13:03 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2012/03/17 13:26:08 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe BMP Format CS5 Prefs
    [2012/02/28 16:10:28 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2012/02/28 16:10:28 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
    [2012/02/28 16:10:28 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
    [2012/02/28 16:03:06 | 000,038,068 | ---- | C] () -- C:\Windows\DIIUnin.dat
    [2012/02/03 17:58:02 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/02/03 17:58:02 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/01/20 21:01:46 | 000,000,298 | ---- | C] () -- C:\Windows\EReg072.dat
    [2011/12/23 01:56:41 | 000,001,451 | ---- | C] () -- C:\Users\User\.recently-used.xbel
    [2011/12/22 23:43:47 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
    [2011/12/22 23:43:39 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
    [2011/12/22 22:44:05 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
    [2011/12/21 00:21:33 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/20 16:14:13 | 000,000,032 | R--- | C] () -- C:\Users\User\hash.dat
    [2011/12/12 14:10:45 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
    [2011/12/12 14:10:45 | 000,001,300 | ---- | C] () -- C:\Windows\unins000.dat
    [2011/09/22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/09/19 09:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
    [2011/09/09 14:14:43 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2011/09/02 00:33:11 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2011/07/08 19:19:20 | 000,000,287 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2011/07/03 05:50:03 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
    [2011/06/26 23:02:18 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/06/26 23:02:02 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2011/06/26 23:02:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/06/13 14:44:06 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/03/30 13:07:10 | 001,031,168 | ---- | C] () -- C:\Windows\SysWow64\spk.dll

    ========== LOP Check ==========

    [2012/01/13 20:09:17 | 000,000,000 | ---D | M] -- C:\Users\Carson\AppData\Roaming\Irrational Games
    [2011/05/26 18:05:58 | 000,000,000 | ---D | M] -- C:\Users\Carson\AppData\Roaming\SPORE
    [2012/07/25 13:29:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
    [2012/03/21 18:42:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
    [2012/05/07 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.mojam
    [2011/06/29 18:34:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
    [2012/05/06 19:27:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Aquafadas
    [2011/10/23 12:44:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Auslogics
    [2012/01/20 21:22:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BigHugeEngine
    [2011/12/24 13:15:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/12/24 13:16:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/05/02 13:45:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
    [2011/08/26 20:32:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DarksporeData
    [2012/07/29 20:45:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
    [2011/05/14 14:30:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dwarfs
    [2012/06/18 10:12:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Fatshark
    [2011/06/30 20:51:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft
    [2011/06/30 09:56:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
    [2011/08/23 13:49:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Hi-Rez Studios
    [2011/12/10 13:48:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Hive Cluster
    [2011/12/20 17:53:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ice-pick Lodge
    [2011/09/09 16:49:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Kalypso Media
    [2011/09/04 18:48:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MinerWars
    [2011/08/16 08:34:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MinMaxGames
    [2012/04/24 14:20:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mount&Blade Warband
    [2011/05/17 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mount&Blade With Fire and Sword
    [2012/07/08 13:31:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++
    [2011/05/31 00:02:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
    [2011/05/14 09:36:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
    [2011/10/25 16:02:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
    [2012/03/25 17:18:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PlayFirst
    [2012/05/06 19:26:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Quark
    [2011/09/30 19:03:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Quest3D
    [2012/02/17 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\runic games
    [2012/07/13 20:29:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\six-updater
    [2012/07/13 17:05:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\six-zsync
    [2012/02/23 21:19:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SpiderOak
    [2011/05/26 18:09:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SPORE
    [2012/07/15 18:07:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
    [2011/12/18 18:44:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock
    [2011/09/30 20:43:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
    [2011/12/25 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Temp
    [2012/05/02 14:18:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
    [2012/06/21 16:39:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TinyAndBigGrandpasLeftovers
    [2012/01/24 18:41:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TinyAndBigUpThatMountain
    [2011/12/18 23:05:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Trine2
    [2011/08/10 00:58:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tropico 4 Demo
    [2012/02/06 23:55:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TrueCrypt
    [2012/07/18 09:14:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client
    [2012/04/05 17:20:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UDP Software
    [2011/06/08 19:57:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uk.co.planetside
    [2011/06/15 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
    [2012/05/24 14:33:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity of Command DEMO
    [2012/07/29 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
    [2011/10/31 20:00:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Voxatron
    [2011/12/26 15:19:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\wargaming.net
    [2011/08/12 03:31:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\X3 Editor 2
    [2012/07/29 20:44:17 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
    [2012/07/24 02:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\Quark Updater.job
    [2012/06/30 17:05:31 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
  15. Broni


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/07/29 21:24:13 | 000,000,000 | ---D | C] -- C:\FRST
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =========================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  16. Goach Mcguirk


    Okay, here are the logs:
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\FRST\Quarantine\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U folder moved successfully.
    C:\FRST\Quarantine\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L folder moved successfully.
    C:\FRST\Quarantine\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} folder moved successfully.
    C:\FRST\Quarantine\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U folder moved successfully.
    C:\FRST\Quarantine\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L folder moved successfully.
    C:\FRST\Quarantine\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Carson
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: User
    ->Temp folder emptied: 486269 bytes
    ->Temporary Internet Files folder emptied: 14763605 bytes
    ->Java cache emptied: 59136334 bytes
    ->FireFox cache emptied: 59456869 bytes
    ->Google Chrome cache emptied: 184222700 bytes
    ->Opera cache emptied: 21125129 bytes
    ->Flash cache emptied: 8818858 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 958464 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15220 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 333.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Carson

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    User: User
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Carson

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    User: User
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07292012_224130

    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!
    C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\FRST\Quarantine not found!
    File C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 22
    Java(TM) 6 Update 24
    Java(TM) 6 Update 25
    Java(TM) 6 Update 32
    Java version out of Date!
    Adobe Reader X (10.1.3)
    Mozilla Firefox 13.0.1 Firefox out of Date!
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 26-07-2012
    Ran by User (administrator) on 29-07-2012 at 23:02:18
    Running from "C:\Users\User\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\Users\User\Downloads\freeripmp3-setup.exe multiple threats cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\07292012_224130\C_\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
    C:\_OTL\MovedFiles\07292012_224130\C_FRST\Quarantine\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\07292012_224130\C_FRST\Quarantine\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\07292012_224130\C_FRST\Quarantine\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\07292012_224130\C_FRST\Quarantine\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
  17. Broni


    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================

    We have one corrupted registry key affecting Windows updates.

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.
    Double click on bits.reg file and confirm the prompt.
    Restart computer.
    Post new FSS log.
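    A small triage script for FSS logs like the ones in this thread, added here as an example; it is not part of the thread, of FSS, or of any tool Broni mentions. It reads the plain-text report and returns the lines a helper reads first (services not running, start types away from the default, ATTENTION markers, disable policies found in the registry, files whose MD5 FSS did not confirm) as structured findings. The embedded log is a constructed excerpt modelled on the 29-07-2012 report above, and its services.exe line is made up, since FSS's own wording for a failed MD5 check is not reproduced here.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the 29-07-2012 FSS report in this thread.
# The services.exe line is made up to exercise the File Check branch; FSS's
# own wording for a failed MD5 check is not reproduced here.
SAMPLE_LOG = r"""
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ServiceDll of BITS service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto

File Check:
========
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\services.exe => MD5 mismatch (constructed line)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # FSS section the line appeared under
    kind: str     # not_running | attention | start_type | policy | file
    subject: str  # service name, registry value name or file path
    detail: str   # what FSS reported, normalised


_HEADER = re.compile(r"^([A-Za-z][A-Za-z ]*):$")
_NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
_START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\."
                         r" The default start type is (\w+)\.$")
_ATTENTION = re.compile(r"ATTENTION!=*>\s*(.*)$")
_REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_REG_VALUE = re.compile(r'^"([^"]+)"=(.+)$')
_FILE_LINE = re.compile(r"^(.+?) => (.*)$")


def triage(log_text: str) -> list:
    """Return the findings a helper would act on, in log order."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    findings, section, service, reg_key = [], "header", "", ""
    for i, line in enumerate(lines):
        # A section is a "Name:" line followed by a row made only of '='.
        m = _HEADER.match(line)
        if m and i + 1 < len(lines) and set(lines[i + 1]) == {"="}:
            section, service, reg_key = m.group(1), "", ""
            continue
        if not line or set(line) == {"="}:
            continue
        m = _NOT_RUNNING.match(line)
        if m:
            service = m.group(1)  # ATTENTION lines that follow refer to it
            findings.append(Finding(section, "not_running", service, "service not running"))
            continue
        m = _ATTENTION.search(line)
        if m:
            findings.append(Finding(section, "attention", service, m.group(1)))
            continue
        m = _START_TYPE.match(line)
        if m:
            svc, actual, default = m.groups()
            findings.append(Finding(section, "start_type", svc, f"set to {actual}, default {default}"))
            continue
        m = _REG_KEY.match(line)
        if m:
            reg_key = m.group(1)
            continue
        m = _REG_VALUE.match(line)
        if m and section.endswith("Disabled Policy"):
            # FSS prints nothing under a "... Disabled Policy" header on a
            # healthy machine, so any value listed there is a finding.
            findings.append(Finding(section, "policy", m.group(1), f"{reg_key} -> {m.group(2)}"))
            continue
        m = _FILE_LINE.match(line)
        if m and section == "File Check" and m.group(2) != "MD5 is legit":
            findings.append(Finding(section, "file", m.group(1), m.group(2)))
    return findings


def count_by_kind(findings) -> dict:
    """Tally findings per kind, e.g. {'not_running': 3, 'attention': 1}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.kind}: {f.subject} - {f.detail}")
```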
  18. Goach Mcguirk


    Java's updated. Here's the FSS log:
    Farbar Service Scanner Version: 26-07-2012
    Ran by User (administrator) on 30-07-2012 at 18:51:02
    Running from "C:\Users\User\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
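As an added example (not part of the thread and not an FSS or OTL feature), here is a PowerShell script that re-checks the items FSS reported above: the start type, state and image path of wuauserv, WinDefend and sharedaccess, and the DisableAntiSpyware policy value. It assumes Windows 7 or later with the built-in PowerShell, run from an elevated prompt; the expected start modes are taken from the FSS output.

```powershell
# Added example, not from the thread: re-check the service and policy
# findings from the FSS log. Assumes Windows 7+, elevated PowerShell.

function Get-ServiceConfigReport {
    # Service name -> expected start mode, as stated by FSS above
    # (wuauserv "OK", WinDefend default "Auto"; sharedaccess is only listed,
    # so no expectation is asserted for it).
    $expected = @{ 'wuauserv' = 'Auto'; 'WinDefend' = 'Auto'; 'sharedaccess' = $null }

    foreach ($name in $expected.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc) { Write-Warning "Service $name not found"; continue }

        # Compare against the expected start mode where one is known
        $startModeOk = 'n/a'
        if ($expected[$name]) { $startModeOk = ($svc.StartMode -eq $expected[$name]) }

        New-Object PSObject -Property @{
            Service     = $name
            State       = $svc.State        # Running / Stopped
            StartMode   = $svc.StartMode    # Auto / Manual / Disabled
            StartModeOK = $startModeOk
            ImagePath   = $svc.PathName     # should point at svchost.exe in System32
        }
    }
}

function Get-DefenderPolicyReport {
    # FSS reported this value as DWORD:1, which disables Windows Defender.
    # Caveat: on Windows 7, installing Microsoft Security Essentials (which the
    # poster did) also sets this value and puts WinDefend on Demand, so confirm
    # the source before treating it as tampering.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $val = (Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware

    New-Object PSObject -Property @{
        Key                      = $key
        DisableAntiSpyware       = $val
        DefenderDisabledByPolicy = ($val -eq 1)
    }
}

Get-ServiceConfigReport | Format-Table Service, State, StartMode, StartModeOK, ImagePath -AutoSize
Get-DefenderPolicyReport | Format-List
```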
  19. Broni

    Broni Malware Annihilator Posts: 46,422   +252

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  20. Goach Mcguirk

    Goach Mcguirk Newcomer, in training Topic Starter

    Superb, everything seems okay. Thank you for your patience throughout this process. Here's my final OTL log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Carson
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: User
    ->Temp folder emptied: 1968072 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 2489 bytes
    ->FireFox cache emptied: 18478544 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 18490696 bytes
    ->Flash cache emptied: 3793 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 29592 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 77975934 bytes

    Total Files Cleaned = 112.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Carson

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    User: User
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Carson

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    User: User
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.55.0 log created on 07302012_190541

    Files\Folders moved on Reboot...
    C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
  21. Broni

    Broni Malware Annihilator Posts: 46,422   +252

    Yes!!
    Good luck and stay safe :)

