TechSpot

Live Security Platinum and corrupted MSE causing reboot

By dfkmok
Jul 29, 2012
  1. I have encountered the same problem many people are getting due to a botched removal of Live Security Platinum. I tried to do a quick and dirty removal without using instructions. I used Malwarebytes to remove Live Security Platinum and then reinstalled MSE to get it working again. MSE found three viruses without a scan: Sirefef, Sirefef.W and Sirefef.Y. I removed them, and then it found two more after reboot, and now a pop-up always occurs telling me a critical error occurred and my computer shuts down after 60 seconds. Too short for a successful system restore, and all modes give me the same error and restart. Would it be possible for you to provide me with a fixlist.txt for my system? I have the logs required.

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 29-07-2012 15:04:37
    Running from N:\
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet002
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-02-18] (Logitech Inc.)
    HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2093128 2010-02-18] (Logitech Inc.)
    HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4271688 2010-02-18] (Logitech Inc.)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1609296 2010-06-25] (Logitech, Inc.)
    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-02] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (cyberlink)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKU\Administrator\...\Run: [Steam] "Z:\Program Files (x86)\Steam\steam.exe" -silent [x]
    HKU\Administrator\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Administrator\...\Run: [AdobeBridge] [x]
    HKU\Administrator\...\Run: [igndlm.exe] Z:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork [x]
    HKU\Administrator\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    HKU\shalafi\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.15.31
    Startup: C:\Users\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ==================== Services (Whitelisted) ======
    3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)
    2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-10] ()
    3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-10] ()
    2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-04-02] ()
    4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-27] ()
    2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [93960 2009-09-25] (Sling Media Inc.)
    3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
    3 DAUpdaterSvc; C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [x]
    ========================== Drivers (Whitelisted) =============
    3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-13] (DT Soft Ltd)
    1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
    3 ivusb; C:\Windows\System32\Drivers\ivusb.sys [29720 2010-07-28] (Initio Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
    3 prwntdrv; \??\C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-06-13] (Duplex Secure Ltd.)
    3 WaveATSC; C:\Windows\System32\Drivers\WaveATSC.sys [499584 2007-04-28] (Lumanate, Inc.)
    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
    2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-03-13] (CyberLink Corp.)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-07-29 07:07 - 2012-07-29 07:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.72355804D77ADF35
    2012-07-29 07:03 - 2012-07-29 07:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A196D2EFFE1733A8
    2012-07-29 06:53 - 2012-07-29 06:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.945172E846B5B583
    2012-07-29 06:53 - 2012-07-29 06:53 - 00000000 ___SD C:\32788R22FWJFW
    2012-07-29 06:53 - 2012-07-29 06:53 - 00000000 ____D C:\Windows\erdnt
    2012-07-29 06:53 - 2012-07-29 06:53 - 00000000 ____D C:\Qoobox
    2012-07-29 06:52 - 2012-07-29 06:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\{F5547337-3B74-48DF-919F-126D1B1DCA25}
    2012-07-29 06:52 - 2012-07-29 06:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\{0919A863-EE21-43B4-849A-C0857B5F30C5}
    2012-07-29 06:52 - 2012-07-29 06:30 - 04721417 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
    2012-07-28 15:06 - 2012-07-28 15:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.44867F13738C5841
    2012-07-28 15:00 - 2012-07-28 15:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E08BBB66C628BFA
    2012-07-28 14:58 - 2012-07-28 14:58 - 00001058 ____A C:\Users\Administrator\Desktop\AVATAR.txt
    2012-07-28 14:51 - 2012-07-28 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.470471182201D2C2
    2012-07-28 14:43 - 2012-07-28 14:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A5392B37A51A05A
    2012-07-28 14:22 - 2012-07-28 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B61A18C646B9B9C8
    2012-07-28 14:15 - 2012-07-28 14:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AA4A9FF14A1F4DE
    2012-07-28 14:03 - 2012-07-28 14:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.005B5C1391276AA1
    2012-07-28 13:59 - 2012-07-28 13:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14E8BFD053279AE2
    2012-07-28 13:54 - 2012-07-28 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F11B02179057CCB
    2012-07-28 13:54 - 2012-07-28 13:54 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wadhclfa.sys
    2012-07-28 13:42 - 2012-07-28 13:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48A34DB58512BCE8
    2012-07-28 13:34 - 2012-07-28 13:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6FE39B408180DA6B
    2012-07-28 13:28 - 2012-07-28 13:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-28 13:28 - 2012-07-28 13:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-28 13:23 - 2012-07-28 13:23 - 12621696 ____A (Microsoft Corporation) C:\Users\Administrator\Downloads\mseinstall.exe
    2012-07-28 13:00 - 2012-07-28 13:00 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-28 13:00 - 2012-07-28 13:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-28 13:00 - 2012-07-28 13:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2012-07-28 13:00 - 2012-07-28 13:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-28 13:00 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-28 12:04 - 2012-07-28 12:04 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-28 12:01 - 2012-07-28 12:03 - 00000000 ____D C:\Users\All Users\7531CC962B17D97900440347F875EF60
    2012-07-28 12:01 - 2012-07-28 12:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Skyrim
    2012-07-28 11:48 - 2012-07-28 11:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\{ADFA37F8-C64F-4112-B79E-44216ED375CE}
    2012-07-28 11:48 - 2012-07-28 11:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\{A019623B-C610-4A5B-B7A8-EFC211FF5CF4}
    2012-07-26 05:47 - 2012-07-26 05:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\{DA9A1E41-05CA-40DF-8872-00D78A740CAF}
    2012-07-26 05:46 - 2012-07-26 05:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\{A3F618C2-72CE-4AEE-91A8-1B8D27391162}
    2012-07-25 16:38 - 2012-07-25 16:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\{46346312-BEF5-4F96-B123-9F2053BF0384}
    2012-07-25 04:37 - 2012-07-25 16:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\{669DCAD3-3397-4049-A112-93D359C93ADF}
    2012-07-25 04:37 - 2012-07-25 04:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\{0B0E936E-0B69-4726-9BDA-CBBF0971F58A}
    2012-07-23 10:37 - 2012-07-23 10:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\{19313D37-9C0D-4051-9C61-0ACD6F2340A0}
    2012-07-23 10:36 - 2012-07-23 10:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\{0FB33F07-69A7-4581-8FE4-A50876D79F9C}
    2012-07-18 06:31 - 2012-07-29 10:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-18 06:31 - 2012-07-18 06:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\{D8A82060-DB89-46FA-84B8-29C274D4AC99}
    2012-07-18 06:31 - 2012-07-18 06:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\{37007E9A-C58A-4E0E-8896-42500F9EFCA2}
    2012-07-14 05:14 - 2012-07-14 05:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\{3AABCB82-0EA1-4FE1-A006-4348EF10C49F}
    2012-07-14 05:13 - 2012-07-14 05:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{A7388844-520E-4CA7-8C42-AEED6C2F40A7}
    2012-07-13 17:13 - 2012-07-13 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{720BB913-3B2D-48AD-8645-6897775B4677}
    2012-07-13 17:13 - 2012-07-13 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{05DFBA4B-8030-4731-868D-4593341E03DE}
    2012-07-13 05:13 - 2012-07-13 05:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{E2C5DCB0-CC4F-49C1-ACFA-CD3B7ED6ACA5}
    2012-07-13 05:12 - 2012-07-13 05:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{AD24AD47-A651-4361-9248-A72C1F6899D1}
    2012-07-12 17:12 - 2012-07-12 17:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{AC4DE5B1-4BA2-4DCC-9050-9D7CBA42BD97}
    2012-07-12 17:12 - 2012-07-12 17:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{3C0F1B49-634B-41F5-B6CF-D6643CD6D5AE}
    2012-07-12 06:18 - 2012-07-12 06:18 - 00000716 ____A C:\Users\Administrator\Desktop\Dungeons & Dragons Online® Eberron Unlimited™.lnk
    2012-07-12 05:14 - 2012-07-12 05:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
    2012-07-12 05:12 - 2012-07-12 05:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{C970C4CE-76AC-494D-A9C2-D3068438F862}
    2012-07-12 05:11 - 2012-07-12 05:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{AC11CB3E-023C-4111-B09E-794B26F709FC}
    2012-07-10 23:08 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 23:02 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-10 23:02 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-10 23:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-10 23:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-10 23:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-10 23:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-10 23:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-10 23:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-10 23:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-10 23:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-10 23:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-10 23:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-10 23:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-10 23:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-10 23:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-10 23:02 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-10 23:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-10 23:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-10 23:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-10 23:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-10 23:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-10 23:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-10 23:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-10 23:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-10 23:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-10 23:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-10 23:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-10 23:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-10 20:13 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 20:13 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 20:13 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 20:13 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 20:13 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 20:13 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 20:13 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 20:13 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 20:13 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 20:13 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 20:13 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 20:12 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 20:12 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 20:12 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 20:12 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 20:12 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 20:12 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 20:12 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 20:12 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 16:50 - 2012-07-10 16:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\{C192F10E-B35D-4BF6-B4F1-946CE2B81BE1}
    2012-07-10 16:50 - 2012-07-10 16:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\{BC456839-A3A3-4588-9147-F4BECBD5788E}
    2012-07-10 04:50 - 2012-07-10 04:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\{0AAE9C15-D10F-4864-B17E-5A189B903510}
    2012-07-10 04:49 - 2012-07-10 04:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\{6E447979-92B8-4361-BB09-F6DFE277859A}
    2012-07-09 16:49 - 2012-07-09 16:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\{BB1701F9-DD21-4993-A200-CD70A81B452A}
    2012-07-09 16:49 - 2012-07-09 16:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\{3257A2AC-B2F1-40A7-A5F2-02A584DC982B}
    2012-07-09 04:49 - 2012-07-09 04:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\{48370767-14AA-406E-B6E2-20798F3602B5}
    2012-07-09 04:46 - 2012-07-09 04:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\{982382CC-1947-4D11-8F73-8E42CB81DD50}

    ============ 3 Months Modified Files ========================
    2012-07-29 10:47 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-29 10:45 - 2012-07-18 06:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-29 10:45 - 2010-11-16 14:43 - 00022462 ____A C:\Windows\setupact.log
    2012-07-29 10:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-29 07:07 - 2012-07-29 07:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.72355804D77ADF35
    2012-07-29 07:07 - 2012-04-08 13:08 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-29 07:07 - 2011-05-17 17:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-29 07:03 - 2012-07-29 07:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A196D2EFFE1733A8
    2012-07-29 06:53 - 2012-07-29 06:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.945172E846B5B583
    2012-07-29 06:30 - 2012-07-29 06:52 - 04721417 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
    2012-07-28 15:06 - 2012-07-28 15:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.44867F13738C5841
    2012-07-28 15:00 - 2012-07-28 15:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E08BBB66C628BFA
    2012-07-28 14:58 - 2012-07-28 14:58 - 00001058 ____A C:\Users\Administrator\Desktop\AVATAR.txt
    2012-07-28 14:51 - 2012-07-28 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.470471182201D2C2
    2012-07-28 14:51 - 2010-01-08 00:48 - 01870624 ____A C:\Windows\WindowsUpdate.log
    2012-07-28 14:43 - 2012-07-28 14:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A5392B37A51A05A
    2012-07-28 14:22 - 2012-07-28 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B61A18C646B9B9C8
    2012-07-28 14:15 - 2012-07-28 14:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AA4A9FF14A1F4DE
    2012-07-28 14:03 - 2012-07-28 14:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.005B5C1391276AA1
    2012-07-28 13:59 - 2012-07-28 13:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14E8BFD053279AE2
    2012-07-28 13:54 - 2012-07-28 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F11B02179057CCB
    2012-07-28 13:54 - 2012-07-28 13:54 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wadhclfa.sys
    2012-07-28 13:42 - 2012-07-28 13:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48A34DB58512BCE8
    2012-07-28 13:41 - 2009-07-13 20:45 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-28 13:41 - 2009-07-13 20:45 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-28 13:34 - 2012-07-28 13:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6FE39B408180DA6B
    2012-07-28 13:29 - 2011-01-28 19:51 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-28 13:29 - 2010-01-09 17:03 - 00763096 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-28 13:23 - 2012-07-28 13:23 - 12621696 ____A (Microsoft Corporation) C:\Users\Administrator\Downloads\mseinstall.exe
    2012-07-28 13:20 - 2009-07-13 21:13 - 00747184 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-28 13:15 - 2010-01-08 06:04 - 00021214 ____A C:\Windows\PFRO.log
    2012-07-28 13:00 - 2012-07-28 13:00 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-28 12:00 - 2010-01-08 06:20 - 00878841 ____A C:\Windows\DirectX.log
    2012-07-12 06:18 - 2012-07-12 06:18 - 00000716 ____A C:\Users\Administrator\Desktop\Dungeons & Dragons Online® Eberron Unlimited™.lnk
    2012-07-10 23:26 - 2009-07-13 20:45 - 03024824 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-10 23:07 - 2009-07-13 18:34 - 00000512 ____A C:\Windows\win.ini
    2012-07-10 23:03 - 2010-01-08 05:59 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-04 12:32 - 2010-04-16 16:06 - 00002000 ___AH C:\Users\Administrator\Documents\Default.rdp
    2012-07-03 09:46 - 2012-07-28 13:00 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-22 10:55 - 2012-06-22 10:57 - 00399932 ____A C:\o-Demonoid.me-o_20th_Century_Romance.torrent
    2012-06-13 09:17 - 2012-06-13 09:17 - 00001791 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-13 08:01 - 2012-06-13 08:01 - 00000222 ____A C:\Users\Administrator\Desktop\Sins of a Solar Empire Rebellion.url
    2012-06-13 07:47 - 2012-06-13 07:47 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-06-13 07:42 - 2012-06-13 07:42 - 00001958 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2012-06-13 07:41 - 2010-01-08 19:58 - 00560184 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
    2012-06-11 19:08 - 2012-07-10 23:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-10 20:13 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 20:13 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-10 20:13 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 20:13 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 20:12 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 20:13 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 20:13 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 20:12 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-20 21:15 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-20 21:15 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-20 21:15 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-20 21:15 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-20 21:15 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-20 21:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-20 21:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-20 21:15 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-20 21:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-10 23:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-10 23:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-10 23:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-10 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-10 23:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-10 23:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-10 23:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-10 23:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-10 23:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-10 23:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-10 23:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-10 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-10 23:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-10 23:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-10 23:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-10 23:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-10 23:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-10 23:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-10 23:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-10 23:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-10 23:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-10 23:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-10 23:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-10 23:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-10 23:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-10 23:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-10 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-10 23:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-10 20:13 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 20:12 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 20:12 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 20:13 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 20:13 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 20:12 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 20:12 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 20:12 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 20:12 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-31 08:25 - 2010-01-08 05:46 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-22 04:40 - 2012-05-22 04:40 - 00001853 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-05-19 06:09 - 2012-05-19 06:08 - 00011776 __ASH C:\Thumbs.db
    2012-05-17 11:10 - 2012-05-17 11:10 - 01076328 ____A C:\Scan0012-2.psd
    2012-05-17 11:07 - 2012-05-17 11:05 - 01075464 ____A C:\Scan0012-1.psd
    2012-05-12 09:00 - 2012-05-12 09:00 - 00001359 ____A C:\Users\Public\Desktop\EASEUS Partition Recovery 5.0.1.lnk
    2012-05-12 08:59 - 2012-05-12 08:59 - 08785352 ____A (EASEUS ) C:\Users\Administrator\Downloads\partition_recovery.exe
    2012-05-12 08:59 - 2012-05-12 08:59 - 00463080 ____A (CNET Download.com) C:\Users\Administrator\Downloads\cnet2_partition_recovery_exe.exe
    2012-05-12 06:34 - 2012-05-12 06:33 - 28461576 ____A (R-Tools Technology Inc.) C:\Users\Administrator\Downloads\rs64_en_5 (1).exe
    2012-05-11 19:10 - 2012-05-11 19:03 - 05595920 ____A (EASEUS ) C:\Users\Administrator\Downloads\drw_free.exe
    2012-05-11 19:09 - 2012-05-11 19:08 - 01743056 ____A (QueTek Consulting Corporation) C:\Users\Administrator\Downloads\32fsu40.exe
    2012-05-11 18:56 - 2012-05-11 18:56 - 00002283 ____A C:\Users\Public\Desktop\Advanced Disk Recovery.lnk
    2012-05-11 18:54 - 2012-05-11 18:55 - 04494872 ____A (Systweak Inc ) C:\Users\Administrator\Downloads\adrsetup.exe
    2012-05-11 18:54 - 2012-05-11 18:54 - 00463080 ____A (CNET Download.com) C:\Users\Administrator\Downloads\cnet2_adrsetup_exe.exe
    2012-05-11 18:52 - 2012-05-11 18:50 - 28461576 ____A (R-Tools Technology Inc.) C:\Users\Administrator\Downloads\rs64_en_5.exe
    2012-05-04 23:46 - 2012-05-04 23:46 - 00000652 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-05-04 23:34 - 2012-05-04 23:34 - 00215032 ____A C:\Users\Administrator\Downloads\Jack_Campbell_-_[The_Lost_Fleet_08_-_Beyond_the_Frontier_02].exe
    2012-05-04 23:34 - 2012-05-04 23:34 - 00000915 ____A C:\Users\Administrator\Downloads\Jack_Campbell_[The_Lost_Fleet_08_Beyond_the_Frontier_02]_Invincible_(v5_0)_(ePub_MOBI)-(Demonoid.me).torrent
    2012-05-04 03:06 - 2012-06-13 08:04 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 03:00 - 2012-06-13 08:04 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 02:03 - 2012-06-13 08:04 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 08:04 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 01:59 - 2012-06-13 08:04 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-05-01 18:38 - 2012-05-01 18:38 - 00000263 ____A C:\Users\Administrator\Documents\wtx-500b3-3-01b.log
    2012-05-01 18:03 - 2012-05-01 18:01 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
    2012-05-01 18:03 - 2012-05-01 18:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
    2012-05-01 18:01 - 2012-05-01 18:01 - 00001619 ____A C:\Windows\ST6UNST.000
    2012-05-01 18:00 - 2012-05-01 18:00 - 05434782 ____A C:\Users\Administrator\Downloads\sfrm0100.exe

    ZeroAccess:
    C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}
    C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\@
    C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\L
    C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U
    C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U\00000001.@
    C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U\80000000.@
    C:\Windows\Installer\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U\800000cb.@
    ZeroAccess:
    C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}
    C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}\@
    C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}\L
    C:\Users\Administrator\AppData\Local\{2d66ed5d-aeae-07d0-c898-e193c8105312}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 12%
    Total physical RAM: 6143.12 MB
    Available physical RAM: 5350.51 MB
    Total Pagefile: 6141.32 MB
    Available Pagefile: 5350.01 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    2 Drive c: (Windows7) (Fixed) (Total:350 GB) (Free:213.68 GB) NTFS
    3 Drive d: (Vista) (Fixed) (Total:465.76 GB) (Free:354.18 GB) NTFS
    4 Drive f: (Data2) (Fixed) (Total:1047.26 GB) (Free:288.34 GB) NTFS
    6 Drive h: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
    9 Drive k: (Data) (Fixed) (Total:698.63 GB) (Free:510.23 GB) NTFS
    12 Drive n: () (Removable) (Total:0.48 GB) (Free:0.44 GB) FAT
    13 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    14 Drive y: (XPPro) (Fixed) (Total:465.75 GB) (Free:240.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 9 MB
    Disk 1 Online 698 GB 0 B *
    Disk 2 Online 465 GB 0 B
    Disk 3 Online 1397 GB 1024 KB
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B
    Disk 7 No Media 0 B 0 B
    Disk 8 Online 494 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 31 KB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 Y XPPro NTFS Partition 465 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Dynamic Data 698 GB 31 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 42
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ==================================================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D Vista NTFS Partition 465 GB Healthy
    ==================================================================================
    Partitions of Disk 3:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 350 GB 1024 KB
    Partition 2 Primary 1047 GB 350 GB
    ==================================================================================
    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 C Windows7 NTFS Partition 350 GB Healthy
    ==================================================================================
    Disk: 3
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 F Data2 NTFS Partition 1047 GB Healthy
    ==================================================================================
    Partitions of Disk 8:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 493 MB 16 KB
    ==================================================================================
    Disk: 8
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 11 N FAT Removable 493 MB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-07-18 07:56
    ======================= End Of Log ==========================

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-29 15:06:30
    Running from N:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-07-29 10:47] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    ====== End Of Search ======
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
• From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
• Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic where you were helped.
• We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    FRST64 Fixlist

    Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  3. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

    Hi DMJ:

    It still reboots. "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now."

    Here is the fixlog.txt


    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-29 16:46:30 Run:1
    Running from N:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    Could not find C:\Windows\System32\services.exe.
    Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe.
    ==== End of Fixlog ====
     
  4. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

I am multi-booting various OSes. FRST64.exe reports that my Windows 7 OS is on the E: drive. Does this make a difference? It's a very great tool; it informed me that I have multiple OSes and then asks which one I wish to repair. It informs me that Vista is on D:, XP is on C: and Windows 7 is on E:.

    Dave
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Windows 7 appears to be the issue.

    Was that the OS where the fix was done?
     
  6. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

Yes, FRST64 allowed me to choose which OS and I chose Windows 7. When you run it, it says "More than one Windows operating system detected. They will be presented to select one to be scanned. In case you made the wrong choice please restart and boot to recovery environment again before running the tool. Click OK to continue."

Then another pop-up occurs after clicking OK with the various OS choices. The one I chose says "Is this the operating system you want to repair:

    Windows 7 Ultimate

This operating system is on e: drive when booted to the recovery mode" Yes or No

    Two other points.

I boot to recovery mode with the Windows 7 CD, and when it lists Windows operating systems it shows Windows Vista Ultimate on the D: drive and Windows 7 Ultimate on the E: drive. It does not see Windows XP.

I also found the directory Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1 on the E: drive.

    It does have file services.exe in it along with services.mof and Services.ptxml

    Thanks
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    What operating systems can you boot to at this time?
     
  8. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

    Haven't tried to boot to any of the other OSes yet.
     
  9. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

    Should I run the script with modified drive location?
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    If you know what you're doing, reset the drive location. ;)
     
  11. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

OK, the first time didn't work; I didn't see the second C: drive in the Replace statement. Will try again. I booted into my other Windows OSes, no problem. Both Windows XP Pro 32-bit and Vista Ultimate are working fine but are very outdated; I haven't booted into them for more than a year. I will try again with the modified fixlist. Will let you know.
     
  12. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

Doesn't seem to work. Right up to the time I run FRST64.exe I see the E: drive and everything else, including the files needing replacement. As soon as I run FRST64.exe and it says it finds more OSes and asks me to choose, I lose drive E:, even when I have switched to drive E: to run FRST64. Anything I can do? I'd really like not to have to reinstall.
     
  13. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

I'm going to try to boot into another OS and physically replace the files. Will let you know if that fixes it.
     
  14. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

Will do a command line copy and replace from Windows RE first. Does FRST64 do anything else besides run the script? If I manage to replace the file, is there anything else I need to do?
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    FRST can run the script, do Command Line stuff, and search around - that's about it.

    Let me know how that Command Line copy was...
     
  16. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

Everything is crazy slow but it all seems to be working. No reboot after the file was replaced. Doing an sfc /scannow right now. Is there anything I have to change in the registry?

    Dave
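The two ZeroAccess traces FRST reported in the first post (the {GUID} directories holding "@", "L" and "U" under Windows\Installer and AppData\Local, and a System32\services.exe whose MD5 matches no copy in the WinSxS component store) and the manual replacement the poster ended up doing from Windows RE are combined below into one script. This is an added example written for this page by the editor; it is not code from the thread, from FRST or from ComboFix. It assumes it is run from a booted Windows (another multi-boot entry, or a recovery environment that has PowerShell) that can see the infected volume, and that the drive letter passed in is the letter that volume has from there: in this thread the Windows 7 volume was E: under Windows RE although it is C: when Windows 7 itself boots, which is why the Fixlog above could not find C:\Windows\System32\services.exe. The parameter names, the backup file naming and the use of MD5 (chosen only to match what FRST prints) are the editor's choices.

```powershell
# Added example (editor's code, not from the thread, FRST or ComboFix).
# Checks a Windows 7 x64 volume for the ZeroAccess {GUID}\@ L U directory
# layout and for a services.exe that matches no component-store copy, and
# restores services.exe from WinSxS only when -Restore is given.
# Assumption: $WinDrive is the letter the infected volume has from the OS
# running this script (E: in this thread under Windows RE, not C:).
param(
    [string]$WinDrive = "E:",   # assumed letter as seen from the booting OS
    [switch]$Restore            # nothing is written unless this is given
)
$ErrorActionPreference = "Stop"

function Get-Md5Hex([string]$Path) {
    # MD5 only because FRST prints MD5; this compares two local files, it is
    # not a security guarantee. Works on PowerShell 2.0 (no Get-FileHash).
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString("X2") }) -join "" }
    finally { $fs.Close() }
}

function Find-ZeroAccessDirs([string]$Root) {
    # A {GUID} directory alone is normal in Windows\Installer; the marker is a
    # {GUID} directory that also contains an "@" entry and a "U" subdirectory,
    # under Windows\Installer or a user's AppData\Local.
    $parents = @(Join-Path $Root "Windows\Installer")
    $parents += Get-ChildItem (Join-Path $Root "Users") |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object { Join-Path $_.FullName "AppData\Local" }
    foreach ($p in $parents) {
        if (-not (Test-Path $p)) { continue }
        Get-ChildItem $p | Where-Object {
            $_.PSIsContainer -and
            $_.Name -match '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$' -and
            (Test-Path (Join-Path $_.FullName "@")) -and
            (Test-Path (Join-Path $_.FullName "U"))
        } | ForEach-Object { $_.FullName }
    }
}

# 1. Directory markers.
foreach ($d in @(Find-ZeroAccessDirs $WinDrive)) { Write-Warning "ZeroAccess layout: $d" }

# 2. services.exe against every x64 service-controller copy in the store,
#    newest first (the version is embedded in the WinSxS directory name).
$live     = Join-Path $WinDrive "Windows\System32\services.exe"
$liveHash = Get-Md5Hex $live
Write-Host "Live  $liveHash  $live"

$copies = @(Get-ChildItem (Join-Path $WinDrive "Windows\winsxs") |
    Where-Object { $_.PSIsContainer -and $_.Name -like "amd64_microsoft-windows-s..s-servicecontroller_*" } |
    ForEach-Object { Join-Path $_.FullName "services.exe" } |
    Where-Object { Test-Path $_ } |
    Sort-Object { [version]([regex]::Match($_, '_(\d+\.\d+\.\d+\.\d+)_').Groups[1].Value) } -Descending)

$clean = $false
foreach ($c in $copies) {
    $h = Get-Md5Hex $c
    Write-Host "Store $h  $c"
    if ($h -eq $liveHash) { $clean = $true }
}

if ($clean) {
    Write-Host "services.exe matches a component-store copy; no replacement needed."
} else {
    Write-Warning "services.exe matches no component-store copy (ZeroAccess patches this file)."
    if ($Restore -and $copies.Count -gt 0) {
        $source = $copies[0]
        # System32 files are owned by TrustedInstaller; take ownership first.
        # *S-1-5-32-544 is the Administrators group by SID (language independent).
        & takeown /f $live | Out-Null
        & icacls $live /grant "*S-1-5-32-544:F" | Out-Null
        $backup = "$live.infected-$(Get-Date -Format yyyyMMddHHmmss)"
        Move-Item $live $backup            # keep the patched file for analysis
        Copy-Item $source $live
        Write-Host "Restored $live from $source (patched copy kept at $backup)"
        Write-Host "Now   $(Get-Md5Hex $live)  $live"
    }
}
```

Run it as an administrator with `-WinDrive E:` from the OS that mounts the infected volume, and add `-Restore` only after the first run reports a mismatch. Restoring the file is what stopped the 60-second shutdown in this thread, but it does not remove the {GUID} directories the first section reports, so the follow-up cleanup with another tool (ComboFix in the thread) is still needed, and an `sfc /scannow` afterwards, as the poster did, checks the remaining protected files.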
     
  17. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

Hi, I ran ComboFix. The log is below.

    ComboFix 12-07-31.02 - Administrator 08/01/2012 10:16:21.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6143.3914 [GMT -4:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Microsoft
    c:\program files (x86)\INSTALL.LOG
    C:\Thumbs.db
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome.manifest
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib\faye-browser-min.js
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome\content\messaging.js
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\install.rdf
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\button1.png
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\button2.png
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\button3.png
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\button4.png
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\button5.png
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\icon128.png
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\icon16.png
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\icon24.png
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\icon48.png
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\popup.css
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\popup.html
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\skin.css
    c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\extensions\crossriderapp3491@crossrider.com\skin\update.css
    c:\users\Administrator\Desktop\Setup.exe
    c:\users\Public\2010_12_24_blitzkrieg_v3.1.exe
    c:\windows\ST6UNST.000
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    K:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-01 14:32 . 2012-08-01 14:32 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{019E4A3C-DD64-4881-A031-E15EF4F4AB61}\offreg.dll
    2012-08-01 14:29 . 2012-08-01 14:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-01 14:29 . 2012-08-01 14:29 -------- d-----w- c:\users\UpdatusUser.Avatar\AppData\Local\temp
    2012-08-01 14:29 . 2012-08-01 14:29 -------- d-----w- c:\users\shalafi\AppData\Local\temp
    2012-08-01 14:29 . 2012-08-01 14:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-01 13:34 . 2012-07-16 06:40 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{019E4A3C-DD64-4881-A031-E15EF4F4AB61}\mpengine.dll
    2012-07-31 17:17 . 2012-07-31 17:17 328704 ----a-w- c:\windows\system32\services.exe.B3FAA7FFB9754C16
    2012-07-31 17:06 . 2012-07-31 17:06 328704 ----a-w- c:\windows\system32\services.exe.233B47EF48D4C88E
    2012-07-31 17:00 . 2012-07-31 17:00 328704 ----a-w- c:\windows\system32\services.exe.4D4D2B2DE2A353D4
    2012-07-29 23:04 . 2012-07-29 23:04 -------- d-----w- C:\FRST
    2012-07-29 14:53 . 2012-08-01 17:05 -------- d-----w- C:\32788R22FWJFW
    2012-07-28 21:00 . 2012-07-28 21:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2012-07-28 21:00 . 2012-08-01 01:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-28 21:00 . 2012-07-28 21:00 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-28 20:01 . 2012-08-01 01:12 -------- d-----w- c:\programdata\7531CC962B17D97900440347F875EF60
    2012-07-28 20:01 . 2012-07-28 20:01 -------- d-----w- c:\users\Administrator\AppData\Local\Skyrim
    2012-07-12 13:14 . 2012-07-12 13:14 -------- d-----w- c:\users\Administrator\AppData\Local\Macromedia
    2012-07-03 18:46 . 2012-02-10 15:10 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FBA7800-CB63-4880-A94E-156F6A5B253E}\gapaengine.dll
    2012-07-02 18:47 . 2012-05-31 04:04 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-13 16:12 . 2010-01-08 13:59 58957832 ----a-w- c:\windows\system32\MRT.exe
    2012-06-13 15:47 . 2012-06-13 15:47 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-06-13 15:46 . 2012-04-08 21:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-13 15:46 . 2011-05-18 01:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-13 15:41 . 2010-01-09 03:58 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-06-02 22:19 . 2012-06-21 05:15 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 05:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 05:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 05:15 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 05:15 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 05:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 05:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 05:15 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-18 02:47 . 2012-06-13 16:05 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-05-18 02:16 . 2012-06-13 16:05 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-05-18 02:06 . 2012-06-13 16:05 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-18 01:59 . 2012-06-13 16:05 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-05-18 01:59 . 2012-06-13 16:05 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-05-18 01:58 . 2012-06-13 16:05 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-18 01:58 . 2012-06-13 16:05 237056 ----a-w- c:\windows\system32\url.dll
    2012-05-18 01:56 . 2012-06-13 16:05 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-05-18 01:55 . 2012-06-13 16:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-18 01:55 . 2012-06-13 16:05 818688 ----a-w- c:\windows\system32\jscript.dll
    2012-05-18 01:54 . 2012-06-13 16:05 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-05-18 01:51 . 2012-06-13 16:05 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-05-18 01:51 . 2012-06-13 16:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-18 01:47 . 2012-06-13 16:05 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-05-17 22:45 . 2012-06-13 16:05 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-05-17 22:35 . 2012-06-13 16:05 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-05-17 22:35 . 2012-06-13 16:05 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29 . 2012-06-13 16:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24 . 2012-06-13 16:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-05-15 01:32 . 2012-06-13 16:04 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-05-05 01:14 . 2012-04-08 21:14 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06 . 2012-06-13 16:04 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 11:00 . 2012-06-13 16:04 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-05-04 10:03 . 2012-06-13 16:04 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 16:04 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-04 09:59 . 2012-06-13 16:04 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="z:\program files (x86)\Steam\steam.exe" [2011-08-05 1242448]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "igndlm.exe"="z:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;z:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2010-12-26 25832]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-11 1038088]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-13 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-07 448512]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1255736]
    R3 WaveATSC;Lumanate Wave NTSC/ATSC Combo Device;c:\windows\system32\DRIVERS\WaveATSC.sys [2007-04-29 499584]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-13 283200]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/21 16:55];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 16:58 146928]
    S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2012-04-02 18:47 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    Trusted Zone: bell.ca\www70.consumer.ecare
    Trusted Zone: live.com\onecare
    TCP: DhcpNameServer = 192.168.15.31
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
    FF - user.js: extentions.y2layers.installId - 5b81e908-0c2e-435b-804e-8501711bed58
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    FF - user.js: extensions.autoDisableScopes - 14
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-BattlEye - z:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2c,90,
    6d,f2,61,45,03,af,f0,41,fc,1e,7e,e7,64
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,dd,
    c4,72,f5,3c,0d,a4,7d,d6,65,c2,83,cc,b3
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,01,
    69,c7,87,4b,08,ae,e2,9e,9a,f2,9f,69,59
    "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,3b,1b,0e,1b,67,
    e2,e9,ce,2a,06,bd,83,41,eb,42,17,8e,c2
    "{11111111-1111-1111-1111-110011341191}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,0c,04,
    0e,26,40,76,5f,09,18,5b,40,12,72,55,8b
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:22,c8,c3,9a,93,2a,cd,01
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,65,6d,3d,62,25,b0,4e,bf,b9,4d,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,2e,85,40,15,79,ad,4e,9b,b0,4b,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,a6,0c,0b,47,68,4f,46,b3,48,ee,\
    "027C9CB72E593A8F02C55092F385DBAC99DF56D067"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,65,6d,3d,62,25,b0,4e,bf,b9,4d,\
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFO\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="PDVD10IFOfile"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.PARTIAL"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RMX\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="PDVD9RMXfile"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.SVG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VOB\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="PDVD10VOBfile"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vpj\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="NCH.VideoPad.vpj"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.WEBSITE"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XDL\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="PDVD10XDLfile"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\SecuROM\License information*]
    "datasecu"=hex:a4,e7,3d,fb,3f,ee,64,ab,54,cf,d4,3e,b9,1b,6c,22,ca,de,a8,24,24,
    56,2d,f6,b4,96,46,f5,4c,64,df,f6,84,97,5a,e9,c4,9b,e8,7f,01,a9,de,f8,bb,8c,\
    "rkeysecu"=hex:d8,0a,73,71,36,55,a0,f8,ba,c4,a6,30,72,ba,a7,c5
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-01 13:22:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-01 17:22
    .
    Pre-Run: 239,192,064,000 bytes free
    Post-Run: 239,944,331,264 bytes free
    .
    - - End Of File - - 655C3ABABF6325B1C934A10D4E86A3A3
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Oh good work!

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  19. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

    ComboFix 12-07-31.05 - Administrator 08/03/2012 8:28.2.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6143.2808 [GMT -4:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ..
    ((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
    .
    2012-08-03 12:38 . 2012-08-03 12:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-03 12:38 . 2012-08-03 12:38 -------- d-----w- c:\users\UpdatusUser.Avatar\AppData\Local\temp
    2012-08-03 12:38 . 2012-08-03 12:38 -------- d-----w- c:\users\shalafi\AppData\Local\temp
    2012-08-03 12:38 . 2012-08-03 12:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-03 07:36 . 2012-08-03 07:36 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5697031E-5247-4799-BA15-4B86B966D11F}\gapaengine.dll
    2012-08-03 07:36 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C59AA7A8-E7AB-444B-93D7-B267E7A03436}\mpengine.dll
    2012-08-02 07:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-02 04:30 . 2012-08-02 04:30 -------- d-----w- c:\program files (x86)\ESET
    2012-08-01 18:52 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-01 18:43 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-01 13:48 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2012-08-01 13:48 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-08-01 13:48 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2012-08-01 13:48 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2012-08-01 13:48 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
    2012-08-01 13:48 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2012-08-01 13:48 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
    2012-08-01 13:48 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2012-08-01 13:48 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-08-01 13:48 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-08-01 13:48 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
    2012-08-01 13:48 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2012-08-01 13:48 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2012-07-31 17:17 . 2012-07-31 17:17 328704 ----a-w- c:\windows\system32\services.exe.B3FAA7FFB9754C16
    2012-07-31 17:06 . 2012-07-31 17:06 328704 ----a-w- c:\windows\system32\services.exe.233B47EF48D4C88E
    2012-07-31 17:00 . 2012-07-31 17:00 328704 ----a-w- c:\windows\system32\services.exe.4D4D2B2DE2A353D4
    2012-07-29 23:04 . 2012-07-29 23:04 -------- d-----w- C:\FRST
    2012-07-28 21:00 . 2012-07-28 21:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2012-07-28 21:00 . 2012-08-01 18:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-28 21:00 . 2012-07-28 21:00 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-28 20:01 . 2012-08-01 01:12 -------- d-----w- c:\programdata\7531CC962B17D97900440347F875EF60
    2012-07-28 20:01 . 2012-07-28 20:01 -------- d-----w- c:\users\Administrator\AppData\Local\Skyrim
    2012-07-12 13:14 . 2012-07-12 13:14 -------- d-----w- c:\users\Administrator\AppData\Local\Macromedia
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 07:03 . 2010-01-08 13:59 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-13 15:47 . 2012-06-13 15:47 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-06-13 15:46 . 2012-04-08 21:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-13 15:46 . 2011-05-18 01:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-13 15:41 . 2010-01-09 03:58 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-06-02 22:19 . 2012-06-21 05:15 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 05:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 05:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 05:15 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 05:15 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 05:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 05:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 05:15 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-01_17.06.23 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-01-30 15:39 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll
    + 2012-08-01 13:49 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll
    + 2012-08-01 13:49 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll
    - 2012-01-30 15:39 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll
    - 2012-06-13 16:05 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll
    + 2012-08-02 07:02 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
    + 2012-08-02 07:02 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    - 2012-06-13 16:05 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    - 2012-06-13 16:05 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2012-08-02 07:02 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2009-07-14 04:54 . 2012-08-03 12:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-08-01 14:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-03 12:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-01 14:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-03 12:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-01 14:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-06-13 16:05 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll
    + 2012-08-02 07:02 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
    - 2012-06-13 16:05 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2012-08-02 07:02 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2012-08-02 07:02 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
    - 2012-06-13 16:05 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll
    + 2012-08-01 13:49 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys
    - 2012-01-30 15:39 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys
    - 2010-01-08 08:52 . 2012-08-01 14:13 81920 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-08 08:52 . 2012-08-02 16:51 81920 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2012-08-03 12:45 87616 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2010-01-09 03:18 . 2012-08-02 07:07 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
    - 2010-01-09 03:18 . 2012-06-13 16:18 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
    + 2010-01-09 03:18 . 2012-08-02 07:07 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
    - 2010-01-09 03:18 . 2012-06-13 16:18 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
    - 2010-01-09 03:18 . 2012-06-13 16:18 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
    + 2010-01-09 03:18 . 2012-08-02 07:07 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
    + 2010-01-10 01:12 . 2012-08-02 07:07 35088 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
    - 2010-01-10 01:12 . 2012-05-10 22:51 35088 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
    + 2010-01-10 01:12 . 2012-08-02 07:07 18704 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
    - 2010-01-10 01:12 . 2012-05-10 22:51 18704 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
    + 2010-01-10 01:12 . 2012-08-02 07:07 20240 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
    - 2010-01-10 01:12 . 2012-05-10 22:51 20240 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
    + 2010-01-10 01:00 . 2012-08-02 07:06 35088 c:\windows\Installer\{90120000-003B-0000-0000-0000000FF1CE}\oisicon.exe
    - 2010-01-10 01:00 . 2012-05-10 22:50 35088 c:\windows\Installer\{90120000-003B-0000-0000-0000000FF1CE}\oisicon.exe
    + 2010-01-10 01:00 . 2012-08-02 07:06 18704 c:\windows\Installer\{90120000-003B-0000-0000-0000000FF1CE}\mspicons.exe
    - 2010-01-10 01:00 . 2012-05-10 22:50 18704 c:\windows\Installer\{90120000-003B-0000-0000-0000000FF1CE}\mspicons.exe
    + 2010-01-10 01:00 . 2012-08-02 07:06 20240 c:\windows\Installer\{90120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
    - 2010-01-10 01:00 . 2012-05-10 22:50 20240 c:\windows\Installer\{90120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-07-20 11:28 . 2011-07-20 11:28 54104 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\SCANOST.EXE
    + 2011-07-20 11:28 . 2011-07-20 11:28 75624 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\RM.DLL
    + 2011-07-20 11:28 . 2011-07-20 11:28 38248 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\RECALL.DLL
    + 2011-05-27 01:18 . 2011-05-27 01:18 52088 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\OUTLVBA.DLL
    + 2011-07-20 11:28 . 2011-07-20 11:28 34208 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\DUMPSTER.DLL
    + 2011-07-20 11:28 . 2011-07-20 11:28 87408 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\DLGSETP.DLL
    - 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll
    + 2012-08-01 13:49 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll
    - 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll
    + 2012-08-01 13:49 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll
    - 2012-08-01 14:32 . 2012-08-01 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-03 12:40 . 2012-08-03 12:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-03 12:40 . 2012-08-03 12:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-01 14:32 . 2012-08-01 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-06-13 16:05 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll
    + 2012-08-02 07:02 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
    + 2012-08-01 13:49 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll
    - 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll
    + 2012-08-01 13:49 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll
    + 2012-08-02 07:02 . 2012-06-02 08:19 716800 c:\windows\SysWOW64\jscript.dll
    - 2012-06-13 16:05 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll
    + 2012-08-02 07:02 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
    - 2012-06-13 16:05 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe
    - 2012-06-13 16:05 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll
    + 2012-08-02 07:02 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
    - 2012-06-13 16:05 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll
    + 2012-08-02 07:02 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
    - 2012-01-30 15:39 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll
    + 2012-08-01 13:49 . 2012-06-02 05:45 340992 c:\windows\system32\schannel.dll
    - 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll
    + 2012-08-01 13:49 . 2012-06-02 05:44 307200 c:\windows\system32\ncrypt.dll
    + 2012-08-02 07:02 . 2012-06-02 12:00 818688 c:\windows\system32\jscript.dll
    - 2012-06-13 16:05 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll
    + 2012-08-02 07:02 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
    - 2012-06-13 16:05 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe
    - 2012-06-13 16:05 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll
    + 2012-08-02 07:02 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
    + 2012-08-01 13:49 . 2012-06-02 05:48 151920 c:\windows\system32\drivers\ksecpkg.sys
    + 2012-08-01 13:49 . 2012-06-02 05:50 458704 c:\windows\system32\drivers\cng.sys
    - 2009-07-14 04:54 . 2012-08-01 14:13 278528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-02 16:51 278528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 05:01 . 2012-08-01 14:30 468724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-03 12:38 468724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2010-01-09 03:18 . 2012-06-13 16:18 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
    + 2010-01-09 03:18 . 2012-08-02 07:07 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
    + 2010-01-09 03:18 . 2012-08-02 07:07 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
    - 2010-01-09 03:18 . 2012-06-13 16:18 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
    + 2010-01-09 03:18 . 2012-08-02 07:07 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
    - 2010-01-09 03:18 . 2012-06-13 16:18 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
    + 2010-01-09 03:18 . 2012-08-02 07:07 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
    - 2010-01-09 03:18 . 2012-06-13 16:18 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
    + 2010-01-09 03:18 . 2012-08-02 07:07 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
    - 2010-01-09 03:18 . 2012-06-13 16:18 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
    - 2010-01-09 03:18 . 2012-06-13 16:18 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
    + 2010-01-09 03:18 . 2012-08-02 07:07 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
    + 2010-01-09 03:18 . 2012-08-02 07:07 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
    - 2010-01-09 03:18 . 2012-06-13 16:18 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
    + 2010-01-10 01:12 . 2012-08-02 07:07 327952 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\visicon.exe
    - 2010-01-10 01:12 . 2012-05-10 22:51 327952 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\visicon.exe
    + 2010-01-10 01:12 . 2012-08-02 07:07 217864 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\misc.exe
    - 2010-01-10 01:12 . 2012-05-10 22:51 217864 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\misc.exe
    - 2010-01-10 01:00 . 2012-05-10 22:50 239376 c:\windows\Installer\{90120000-003B-0000-0000-0000000FF1CE}\pj11icon.exe
    + 2010-01-10 01:00 . 2012-08-02 07:06 239376 c:\windows\Installer\{90120000-003B-0000-0000-0000000FF1CE}\pj11icon.exe
    + 2010-01-10 01:00 . 2012-08-02 07:06 217864 c:\windows\Installer\{90120000-003B-0000-0000-0000000FF1CE}\misc.exe
    - 2010-01-10 01:00 . 2012-05-10 22:50 217864 c:\windows\Installer\{90120000-003B-0000-0000-0000000FF1CE}\misc.exe
    + 2011-07-20 11:28 . 2011-07-20 11:28 282032 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\SCNPST64.DLL
    + 2011-07-20 11:28 . 2011-07-20 11:28 273832 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\SCNPST32.DLL
    + 2011-07-27 09:55 . 2011-07-27 09:55 410992 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\RTFHTML.DLL
    + 2011-07-20 12:06 . 2011-07-20 12:06 770480 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\REGFORM.EXE
    + 2011-07-20 11:28 . 2011-07-20 11:28 421736 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\PSTPRX32.DLL
    + 2011-05-31 21:15 . 2011-05-31 21:15 177040 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\OUTLPH.DLL
    + 2011-07-27 09:55 . 2011-07-27 09:55 596888 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\OUTLMIME.DLL
    + 2011-05-27 01:18 . 2011-05-27 01:18 136536 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\OUTLCTL.DLL
    + 2011-07-27 11:03 . 2011-07-27 11:03 194448 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\OMSXP32.DLL
    + 2011-07-27 11:03 . 2011-07-27 11:03 661888 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\OMSMAIN.DLL
    + 2011-07-20 11:28 . 2011-07-20 11:28 253824 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\OLKFSTUB.DLL
    + 2011-07-20 11:28 . 2011-07-20 11:28 340320 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\MIMEDIR.DLL
    + 2011-11-06 19:08 . 2011-11-06 19:08 117160 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\IPOMINT.DLL
    + 2011-07-20 12:06 . 2011-07-20 12:06 176024 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\IPOLK.DLL
    + 2011-07-20 11:28 . 2011-07-20 11:28 138088 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\IMPMAIL.DLL
    + 2011-05-27 01:18 . 2011-05-27 01:18 115584 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\EMABLT32.DLL
    + 2011-07-27 09:55 . 2011-07-27 09:55 128376 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\CONTAB32.DLL
    + 2012-08-02 07:03 . 2012-08-02 07:03 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
    - 2011-11-06 19:08 . 2011-11-06 19:08 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
    + 2012-08-02 07:02 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
    - 2012-06-13 16:05 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll
    - 2012-06-13 16:05 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll
    + 2012-08-02 07:02 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
    + 2012-08-01 13:49 . 2012-06-06 05:05 1390080 c:\windows\SysWOW64\msxml6.dll
    - 2011-04-10 02:02 . 2010-11-20 12:19 1390080 c:\windows\SysWOW64\msxml6.dll
    - 2011-04-10 02:01 . 2010-11-20 12:19 1236992 c:\windows\SysWOW64\msxml3.dll
    + 2012-08-01 13:49 . 2012-06-06 05:05 1236992 c:\windows\SysWOW64\msxml3.dll
    + 2012-08-02 07:02 . 2012-06-02 08:33 1800192 c:\windows\SysWOW64\jscript9.dll
    - 2012-06-13 16:05 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll
    + 2012-08-02 07:02 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
    - 2012-06-13 16:05 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll
    + 2012-08-02 07:02 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
    - 2012-06-13 16:05 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll
    + 2012-08-02 07:02 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
    - 2012-06-13 16:05 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll
    + 2012-08-02 07:02 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
    - 2012-06-13 16:05 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll
    - 2011-04-10 02:02 . 2010-11-20 13:27 2004480 c:\windows\system32\msxml6.dll
    + 2012-08-01 13:49 . 2012-06-06 06:06 2004480 c:\windows\system32\msxml6.dll
    + 2012-08-01 13:49 . 2012-06-06 06:06 1881600 c:\windows\system32\msxml3.dll
    - 2012-06-13 16:05 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll
    + 2012-08-02 07:02 . 2012-06-02 12:12 2311680 c:\windows\system32\jscript9.dll
    - 2012-06-13 16:05 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll
    + 2012-08-02 07:02 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
    - 2009-07-14 04:45 . 2012-06-13 16:21 3024824 c:\windows\system32\FNTCACHE.DAT
    + 2009-07-14 04:45 . 2012-08-02 07:25 3024824 c:\windows\system32\FNTCACHE.DAT
    + 2010-01-08 08:52 . 2012-08-02 16:51 1081344 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-01-08 08:52 . 2012-08-01 14:13 1081344 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:45 . 2012-08-02 07:26 6024936 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-08-01 14:32 6024936 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2012-05-30 11:18 . 2012-05-30 11:18 1739264 c:\windows\Installer\93cbbf.msp
    + 2012-06-19 16:54 . 2012-06-19 16:54 2239488 c:\windows\Installer\93cb8b.msp
    + 2012-06-19 16:54 . 2012-06-19 16:54 5009920 c:\windows\Installer\93cb7a.msp
    + 2012-04-05 02:37 . 2012-04-05 02:37 2540544 c:\windows\Installer\93cb61.msp
    + 2012-04-05 02:37 . 2012-04-05 02:37 3149824 c:\windows\Installer\93cb39.msp
    - 2010-01-09 03:18 . 2012-06-13 16:18 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
    + 2010-01-09 03:18 . 2012-08-02 07:07 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
    - 2010-01-09 03:18 . 2012-06-13 16:18 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
    + 2010-01-09 03:18 . 2012-08-02 07:07 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
    + 2011-07-27 09:55 . 2011-07-27 09:55 3004800 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\OLMAPI32.DLL
    + 2011-07-27 10:09 . 2011-07-27 10:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
    + 2011-07-27 10:09 . 2011-07-27 10:09 5484416 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\IPDESIGN.DLL
    + 2011-07-27 10:09 . 2011-07-27 10:09 1460088 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\INFOPATH.EXE
    + 2012-08-01 13:49 . 2012-06-09 04:41 12873728 c:\windows\SysWOW64\shell32.dll
    - 2012-06-13 16:05 . 2012-05-17 23:11 12314624 c:\windows\SysWOW64\mshtml.dll
    + 2012-08-02 07:02 . 2012-06-02 09:07 12314624 c:\windows\SysWOW64\mshtml.dll
    + 2009-07-14 02:34 . 2012-08-02 07:23 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2012-02-16 17:23 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll
    + 2012-08-01 13:49 . 2012-06-09 05:43 14172672 c:\windows\system32\shell32.dll
    - 2012-06-13 16:05 . 2012-05-18 02:47 17807360 c:\windows\system32\mshtml.dll
    + 2012-08-02 07:02 . 2012-06-02 12:49 17807360 c:\windows\system32\mshtml.dll
    + 2012-08-02 07:02 . 2012-06-02 12:17 10924032 c:\windows\system32\ieframe.dll
    - 2012-06-13 16:05 . 2012-05-18 02:16 10924032 c:\windows\system32\ieframe.dll
    + 2010-04-28 02:07 . 2012-08-03 12:38 27139432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3760283428-3516237525-1269332248-500-12288.dat
    + 2012-05-30 11:18 . 2012-05-30 11:18 11885056 c:\windows\Installer\93cbf2.msp
    + 2011-08-03 23:18 . 2011-08-03 23:18 12997488 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\OUTLOOK.EXE
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="z:\program files (x86)\Steam\steam.exe" [2011-08-05 1242448]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "igndlm.exe"="z:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;z:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2010-12-26 25832]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-11 1038088]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-13 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-07 448512]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1255736]
    R3 WaveATSC;Lumanate Wave NTSC/ATSC Combo Device;c:\windows\system32\DRIVERS\WaveATSC.sys [2007-04-29 499584]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-13 283200]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/21 16:55];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 16:58 146928]
    S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
    c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    Trusted Zone: bell.ca\www70.consumer.ecare
    Trusted Zone: live.com\onecare
    TCP: DhcpNameServer = 192.168.15.31
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\66kamsjy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
    FF - user.js: extentions.y2layers.installId - 5b81e908-0c2e-435b-804e-8501711bed58
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    FF - user.js: extensions.autoDisableScopes - 14
    .
     
  20. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2c,90,
    6d,f2,61,45,03,af,f0,41,fc,1e,7e,e7,64
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,dd,
    c4,72,f5,3c,0d,a4,7d,d6,65,c2,83,cc,b3
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,01,
    69,c7,87,4b,08,ae,e2,9e,9a,f2,9f,69,59
    "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,3b,1b,0e,1b,67,
    e2,e9,ce,2a,06,bd,83,41,eb,42,17,8e,c2
    "{11111111-1111-1111-1111-110011341191}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,0c,04,
    0e,26,40,76,5f,09,18,5b,40,12,72,55,8b
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:22,c8,c3,9a,93,2a,cd,01
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,65,6d,3d,62,25,b0,4e,bf,b9,4d,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,2e,85,40,15,79,ad,4e,9b,b0,4b,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,a6,0c,0b,47,68,4f,46,b3,48,ee,\
    "027C9CB72E593A8F02C55092F385DBAC99DF56D067"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,65,6d,3d,62,25,b0,4e,bf,b9,4d,\
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFO\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="PDVD10IFOfile"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.PARTIAL"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RMX\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="PDVD9RMXfile"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.SVG"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VOB\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="PDVD10VOBfile"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vpj\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="NCH.VideoPad.vpj"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.WEBSITE"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XDL\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="PDVD10XDLfile"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-3760283428-3516237525-1269332248-500\Software\SecuROM\License information*]
    "datasecu"=hex:a4,e7,3d,fb,3f,ee,64,ab,54,cf,d4,3e,b9,1b,6c,22,ca,de,a8,24,24,
    56,2d,f6,b4,96,46,f5,4c,64,df,f6,84,97,5a,e9,c4,9b,e8,7f,01,a9,de,f8,bb,8c,\
    "rkeysecu"=hex:d8,0a,73,71,36,55,a0,f8,ba,c4,a6,30,72,ba,a7,c5
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-03 09:18:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-03 13:18
    ComboFix2.txt 2012-08-01 17:22
    .
    Pre-Run: 239,931,572,224 bytes free
    Post-Run: 239,803,789,312 bytes free
    .
    - - End Of File - - 571956F25ADFFA8234A0AD8658F0E7B2
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  22. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

    None of the above is happening. Things seem to have stabilized and everything seems to run smoothly. I had to manually take out the Yontoo toolbar, but that is all.
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop-down box select your main drive, i.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
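
    The "Clean up System Restore" part of the procedure above, done from a script instead of Control Panel clicks. This is an added example for readers of this thread, not code from Jay Pfoutz or from TechSpot; it assumes an elevated PowerShell session on Windows 7 or later and that the system drive is C: (both are assumptions), and it relies only on Checkpoint-Computer, Enable-ComputerRestore, Get-ComputerRestorePoint and vssadmin, which ship with Windows.

```powershell
# Added example (not from the thread): scripted equivalent of "create a new
# Restore Point, then purge the old ones". Assumes an elevated PowerShell
# session on Windows 7 or later and that the system drive is C:.
# Order matters: the "Clean" point is created first, then every OLDER shadow
# copy is removed, so the clean point is the only one left to restore to.

$Drive = "C:"   # assumption: the system drive protected by System Restore

# VSS operations fail or silently do nothing without elevation, so check first.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Administrator) PowerShell prompt."
}

# Make sure System Protection is enabled for the drive, then create the point.
Enable-ComputerRestore -Drive "$Drive\"
Checkpoint-Computer -Description "Clean" -RestorePointType "MODIFY_SETTINGS"

# Count the shadow copies on the drive by parsing vssadmin's listing; each copy
# is reported with exactly one "Shadow Copy ID:" line.
function Get-ShadowCount {
    param([string]$Volume)
    $listing = & vssadmin.exe list shadows /for=$Volume 2>&1
    return @($listing | Where-Object { $_ -match 'Shadow Copy ID' }).Count
}

# Delete the oldest copy until only the newest (the "Clean" point) remains.
# Stop on the first vssadmin failure rather than looping forever.
while ((Get-ShadowCount -Volume $Drive) -gt 1) {
    & vssadmin.exe delete shadows /for=$Drive /oldest /quiet | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "vssadmin could not delete the oldest shadow copy; stopping."
        break
    }
}

# Confirm what survived: the expectation is a single entry described as "Clean".
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

    This has the same effect as Disk Cleanup's "System Restore and Shadow Copies" clean-up, which keeps only the most recent restore point, so the new point must exist before the purge runs. One caveat for Windows 8 and later: Checkpoint-Computer skips creation if another restore point was made within the previous 24 hours (governed by the SystemRestorePointCreationFrequency value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore), so read the final listing rather than assuming the "Clean" point was created.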
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
  25. dfkmok

    dfkmok TS Rookie Topic Starter Posts: 18

    Hi:

    Sorry about the delay in posts; I didn't have access to the infected system.
    Cleaned System Restore old checkpoints.
    Created new checkpoint
    Ran OTC with cleanup
    Ran TFC
    Ran Security Check and nothing showed up in the log. Thanks for all your help.
     
Topic Status:
Not open for further replies.
