TechSpot

Rootkit.ZeroAccess problem

By ABhat
Jul 17, 2012
  1. Hi all,

    I'm currently trying to get rid of this Rootkit.ZeroAccess infection that Spyware Doctor with Antivirus keeps picking up. It's been detecting the threat about every 4 minutes since I began to update my Adobe CS6 programs, more specifically during the Flash Player installation. And on the Flash Player website, it has a message that says, "
    You may have to temporarily disable your antivirus software."


    Well, I didn't disable it and now I keep getting this message. Should I allow this, or is this suspicious and not expected? I've even rebooted my computer a couple of times so I don't know why I'm still getting the message. I don't see any running Adobe processes, either.

    I also started to begin the 5 step virus/malware removal guide posted elsewhere on this site. However, when I run MBAM, it keeps freezing after about 40,000 some items scanned. I will note, however, that I have scanned some individual folders with it without detecting anything ( usr/AppData/Local/Temp and Windows/Installer)

    Any ideas on what to do?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
    Complete as many steps as you can.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    I can't complete Step 2 because Malwarebytes keeps freezing after 40,000 items or so. How can I complete the scan?
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

     
  5. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    I completed all the scans. MBAM found and removed the infections when I tried it in Safe Mode. However, after doing the two other scans (GMER detected nothing) and reconnecting my internet/antivirus, I'm still getting notifications about blocking the Rootkit.ZeroAccess activity. Here are my logs:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.17.15

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    Amar :: BHATMAN [administrator]

    Protection: Disabled

    7/17/2012 11:35:07 PM
    mbam-log-2012-07-17 (23-35-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209125
    Time elapsed: 1 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\Installer\{3a6c7c9d-439f-b124-5279-f249b2306d84}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{3a6c7c9d-439f-b124-5279-f249b2306d84}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)


    ==================================================

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Amar at 0:14:48 on 2012-07-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8109.5541 [GMT -6:00]
    .
    AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
    C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Users\Amar\AppData\Local\Pokki\v0.259\pokki.exe
    C:\Users\Amar\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Users\Amar\AppData\Local\Pokki\v0.259\pokki.exe
    C:\Users\Amar\AppData\Local\Pokki\v0.259\pokki.exe
    C:\Users\Amar\AppData\Local\Pokki\v0.259\pokki.exe
    C:\Users\Amar\AppData\Local\Pokki\v0.259\pokki.exe
    C:\Users\Amar\AppData\Local\Pokki\v0.259\pokki.exe
    C:\Users\Amar\AppData\Local\Pokki\v0.259\pokki.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.msn.com
    uDefault_Page_URL = hxxp://www.msn.com
    mDefault_Page_URL = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    uURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
    uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Splashtop Connect VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [Google Update] "C:\Users\Amar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Pokki] "C:\Users\Amar\AppData\Local\Pokki\v0.259\pokki.exe"
    uRun: [MusicManager] "C:\Users\Amar\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    uRun: [AdobeBridge]
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
    mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [<NO NAME>]
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5E8A3CDF-CB65-41A9-AF91-831560171A99} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{5E8A3CDF-CB65-41A9-AF91-831560171A99} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: PC Tools Browser Defender BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO-X64: Browser Defender BHO - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: PC Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun-x64: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
    mRun-x64: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun-x64: [(Default)]
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\x6kf24ji.default\
    FF - prefs.js: browser.startup.homepage - chrome://ubufox/locale/ubufox.properties
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Amar\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Amar\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.1.1.76.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
    R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
    R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
    R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
    R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
    R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-2-11 546768]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-29 13592]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-17 655944]
    R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
    R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-2-11 402336]
    R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-2-11 1117624]
    R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2010-11-29 493384]
    R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
    R3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
    R3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-11 136176]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2012-4-16 25832]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-1-29 130976]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-11 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-6 113120]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-18 00:20:48 -------- d-----w- C:\Users\Amar\AppData\Roaming\Malwarebytes
    2012-07-18 00:20:36 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-18 00:20:36 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-18 00:20:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-17 20:03:47 -------- d-----w- C:\Users\Amar\AppData\Local\Threat Expert
    2012-07-13 21:54:20 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2012-07-13 21:54:19 -------- d-----w- C:\Program Files (x86)\Steam
    2012-07-11 09:10:19 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 09:05:00 -------- d-----w- C:\92a943ab51d4926c0e9f73
    2012-07-10 21:04:38 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2012-07-10 21:03:41 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-07-10 21:03:41 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
    2012-07-10 21:03:41 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
    2012-07-10 21:03:41 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2012-07-10 21:03:41 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2012-07-10 21:03:41 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2012-07-10 21:03:41 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2012-07-10 21:03:41 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2012-07-10 21:03:41 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2012-07-10 21:03:41 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2012-07-10 21:03:41 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
    2012-07-10 21:03:41 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-07-10 21:03:41 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2012-07-08 22:53:45 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-06-21 21:37:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 21:36:53 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 21:36:45 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 21:36:45 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-21 04:17:04 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
    2012-06-21 04:14:51 -------- d-----w- C:\ProgramData\ALM
    2012-06-21 04:13:23 -------- d-----w- C:\Users\Amar\Adobe Flash Builder 4.6
    2012-06-21 04:09:28 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
    2012-06-21 04:09:28 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
    2012-06-21 04:09:28 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
    2012-06-21 04:09:28 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
    2012-06-21 04:09:28 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2012-06-21 04:09:24 -------- d-----w- C:\Program Files (x86)\My Company Name
    2012-06-21 03:39:54 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2012-06-21 03:19:47 -------- d-----w- C:\Users\Amar\AppData\Local\Macromedia
    .
    ==================== Find3M ====================
    .
    2012-07-17 20:14:59 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-17 20:14:59 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 06:09:44 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-06-11 19:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-06-11 19:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-06-11 19:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-06-11 19:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-06-11 19:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-06-11 19:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-06-11 19:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
    2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 0:15:28.83 ===============



    ===========================================


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/10/2012 3:11:40 PM
    System Uptime: 7/18/2012 12:00:27 AM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | Z68AP-D3
    Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 689.503 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 932 GiB total, 272.116 GiB free.
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP75: 7/9/2012 6:21:49 PM - Scheduled Checkpoint
    RP76: 7/11/2012 3:01:07 AM - Windows Update
    RP77: 7/13/2012 3:53:27 PM - Installed Steam
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Creative Suite 6 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe Reader X (10.1.3)
    Adobe Widget Browser
    Adobe® Content Viewer
    Amazon MP3 Downloader 1.0.15
    Assassin's Creed Brotherhood
    Assassin's Creed II
    Assassin's Creed Revelations
    bl
    Browser Defender 4.0
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diablo III
    Dragon Age II
    Dragon Age: Origins
    EA Installer
    EA Shared Game Component: Activation
    Etron USB3.0 Host Controller
    Futuremark SystemInfo
    Google Chrome
    Google Drive
    Google Update Helper
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    Kingdoms of Amalur: Reckoning
    Last.fm 1.5.4.27091
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    Music Manager
    NirSoft ShellExView
    NVIDIA PhysX
    ON_OFF Charge B11.0110.1
    Origin
    PC Tools Spyware Doctor with AntiVirus 9.0
    PCSX2 - Playstation 2 Emulator
    PDF Settings CS6
    ph
    Pokki
    Pokki Download Helper
    Portal
    Portal 2
    PowerISO
    PunkBuster Services
    Realtek Ethernet Controller Driver
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Samsung Kies
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Splashtop Connect IE
    StarCraft II
    Steam
    Ubisoft Game Launcher
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    VLC media player 1.1.11
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/18/2012 12:01:00 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    7/18/2012 12:00:59 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    7/18/2012 12:00:59 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    7/18/2012 12:00:59 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    7/17/2012 6:19:23 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    7/17/2012 11:58:20 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2012 11:32:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    7/17/2012 11:32:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    7/17/2012 11:32:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/17/2012 11:32:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/17/2012 11:32:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/17/2012 11:32:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/17/2012 11:32:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/17/2012 11:32:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/17/2012 11:32:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger DfsC discache NetBIOS NetBT nsiproxy pctgntdi PCTSD Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf ws2ifsl
    7/17/2012 11:32:03 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2012 11:32:03 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/17/2012 11:32:03 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/17/2012 11:32:03 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2012 11:32:03 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2012 11:32:03 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    7/17/2012 11:32:03 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2012 11:32:03 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/17/2012 11:32:03 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/17/2012 11:32:03 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/16/2012 10:01:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
    7/13/2012 3:55:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    7/13/2012 3:55:08 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/13/2012 1:46:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    7/13/2012 1:46:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    7/13/2012 1:45:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
    7/13/2012 1:45:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
    7/13/2012 1:44:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  7. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 18-07-2012 15:58:46
    Running from G:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12632168 2011-07-21] (Realtek Semiconductor)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-03-19] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398616 2012-03-19] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [439064 2012-03-19] (Intel Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2659768 2012-01-11] (PC Tools)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-04-03] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [776064 2011-03-04] (Splashtop Inc.)
    HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073352 2012-06-25] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Amar\...\Run: [Google Update] "C:\Users\Amar\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-11] (Google Inc.)
    HKU\Amar\...\Run: [Pokki] "C:\Users\Amar\AppData\Local\Pokki\v0.259\pokki.exe" [2551128 2012-07-05] (Pokki)
    HKU\Amar\...\Run: [MusicManager] "C:\Users\Amar\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806592 2012-06-01] (Google Inc.)
    HKU\Amar\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12163848 2012-06-20] (Google)
    HKU\Amar\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-04-03] ()
    HKU\Amar\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [954256 2012-04-03] (Samsung)
    HKU\Amar\...\Run: [AdobeBridge] [x]
    HKU\Amar\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-07-13] (Valve Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{5E8A3CDF-CB65-41A9-AF91-831560171A99}: [NameServer]208.67.222.222,208.67.220.220

    ==================== Services (Whitelisted) ======

    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [546768 2012-01-16] (Threat Expert Ltd.)
    3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-02-27] ()
    2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
    2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402336 2012-01-11] (PC Tools)
    2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1117624 2012-01-11] (PC Tools)
    3 ThreatFire; C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [71008 2012-01-11] (PC Tools)
    2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2010-11-29] (Splashtop Inc.)

    ========================== Drivers (Whitelisted) =============

    1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [70760 2011-09-28] (PC Tools)
    0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [367912 2011-11-14] (PC Tools)
    0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2011-12-01] (PC Tools)
    0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096688 2011-12-01] (PC Tools)
    1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [339608 2012-01-11] (PC Tools)
    3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92896 2012-01-11] (PC Tools)
    1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [230952 2012-01-11] (PC Tools)
    0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65664 2012-01-11] (PC Tools)
    3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41968 2012-01-11] (PC Tools)
    0 TFSysMon; C:\Windows\System32\Drivers\TFSysMon.sys [706776 2012-01-11] (PC Tools)
    3 gdrv; \??\C:\Windows\gdrv.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-17 22:00 - 2012-07-17 22:00 - 00000056 ____A C:\Windows\setupact.log
    2012-07-17 22:00 - 2012-07-17 22:00 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-17 21:27 - 2012-07-17 21:27 - 00302592 ____A C:\Users\Amar\Downloads\718gywc8.exe
    2012-07-17 16:20 - 2012-07-17 16:20 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-17 16:20 - 2012-07-17 16:20 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Malwarebytes
    2012-07-17 16:20 - 2012-07-17 16:20 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-17 16:20 - 2012-07-17 16:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-17 16:20 - 2012-07-03 11:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-17 16:19 - 2012-07-17 16:19 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Amar\Downloads\mbam-setup-1.62.0.1300 (1).exe
    2012-07-17 16:15 - 2012-07-17 16:15 - 00078743 ____A (Malwarebytes Corporation ) C:\Users\Amar\Downloads\Unconfirmed 65528.crdownload
    2012-07-17 16:11 - 2012-07-17 22:17 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Amar\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-17 12:03 - 2012-07-17 12:03 - 00000000 ____D C:\Users\Amar\AppData\Local\Threat Expert
    2012-07-13 13:54 - 2012-07-17 22:02 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-07-13 13:54 - 2012-07-13 13:54 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-07-13 13:52 - 2012-07-13 13:52 - 01606656 ____A C:\Users\Amar\Downloads\SteamInstall.msi
    2012-07-11 01:10 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 01:05 - 2012-07-11 01:08 - 00000000 ____D C:\92a943ab51d4926c0e9f73
    2012-07-11 01:03 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 01:03 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 01:03 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 01:03 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 01:03 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 01:03 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 01:03 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 01:03 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 01:03 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 01:03 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 01:03 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 01:03 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 01:03 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 01:03 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 01:03 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 01:03 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 01:03 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 01:03 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 01:03 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 01:03 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 01:03 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 01:03 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 01:03 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 01:03 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 01:03 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 01:03 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 01:03 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 01:03 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-10 13:04 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 13:04 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 13:04 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 13:04 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 13:04 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 13:04 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 13:04 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 13:04 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 13:04 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 13:04 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 13:04 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 13:04 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 13:04 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 13:04 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 13:04 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 13:04 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 13:04 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 13:03 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 13:03 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-09 06:21 - 2012-07-09 06:21 - 00000132 ____A C:\Users\Amar\AppData\Roaming\Adobe BMP Format CS6 Prefs
    2012-07-08 14:53 - 2012-07-08 14:53 - 00000000 ____D C:\Users\All Users\ATI
    2012-07-08 14:53 - 2012-07-08 14:53 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-06-21 13:37 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 13:37 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 13:37 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 13:37 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 13:36 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 13:36 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 13:36 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 13:36 - 2012-06-02 13:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 13:36 - 2012-06-02 13:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-20 20:17 - 2012-06-20 20:17 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
    2012-06-20 20:14 - 2012-06-20 20:14 - 00000000 ____D C:\Users\All Users\ALM
    2012-06-20 20:13 - 2012-06-20 20:13 - 00000000 ____D C:\Users\Amar\Adobe Flash Builder 4.6
    2012-06-20 20:09 - 2012-06-20 20:09 - 00000000 ____D C:\Program Files (x86)\My Company Name
    2012-06-20 20:09 - 2011-11-03 01:01 - 00056208 ____N (Rovi Corporation) C:\Windows\System32\Drivers\PxHlpa64.sys
    2012-06-20 20:09 - 2011-10-17 01:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys
    2012-06-20 20:09 - 2011-10-17 01:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys
    2012-06-20 20:07 - 2012-07-17 11:34 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2012-06-20 20:07 - 2012-07-17 11:28 - 00000000 ____D C:\Program Files\Adobe
    2012-06-20 19:39 - 2012-06-20 19:39 - 00000000 ____D C:\Program Files (x86)\AMD AVT
    2012-06-20 19:19 - 2012-06-20 19:19 - 00000000 ____D C:\Users\Amar\AppData\Local\Macromedia
    2012-06-19 20:31 - 2012-06-20 19:28 - 00000000 ____D C:\Users\Amar\Documents\Adobe CS6
    2012-06-19 18:39 - 2011-12-07 09:42 - 524382208 ____A C:\Users\Amar\Documents\Hiren's.BootCD.15.1.iso
    2012-06-19 18:39 - 2011-12-07 09:42 - 00147456 ____A (TeraByte Unlimited) C:\Users\Amar\Documents\BurnCDCC.exe
    2012-06-19 18:39 - 2011-12-07 09:42 - 00070368 ____A (http://www.hiren.info) C:\Users\Amar\Documents\HBCDCustomizer.exe
    2012-06-19 18:39 - 2011-12-07 09:42 - 00046942 ____A C:\Users\Amar\Documents\HBCD.txt
    2012-06-19 18:39 - 2011-12-07 09:42 - 00035750 ____A C:\Users\Amar\Documents\DefaultKeyboardPatch.zip
    2012-06-19 18:39 - 2011-12-07 09:42 - 00003625 ____A C:\Users\Amar\Documents\changes.txt
    2012-06-19 18:39 - 2011-12-07 09:42 - 00000068 ____A C:\Users\Amar\Documents\BurnToCD.cmd


    ============ 3 Months Modified Files ========================

    2012-07-18 13:15 - 2012-02-11 20:58 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2711373950-613069114-3650545506-1001UA.job
    2012-07-18 13:07 - 2012-02-11 18:37 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-17 22:17 - 2012-07-17 16:11 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Amar\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-17 22:13 - 2012-02-11 18:35 - 02074981 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-07-17 22:08 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-17 22:08 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-17 22:00 - 2012-07-17 22:00 - 00000056 ____A C:\Windows\setupact.log
    2012-07-17 22:00 - 2012-07-17 22:00 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-17 22:00 - 2012-02-11 18:37 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-17 22:00 - 2010-11-20 19:47 - 00140078 ____A C:\Windows\PFRO.log
    2012-07-17 22:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-17 21:27 - 2012-07-17 21:27 - 00302592 ____A C:\Users\Amar\Downloads\718gywc8.exe
    2012-07-17 20:26 - 2012-02-11 20:58 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2711373950-613069114-3650545506-1001Core.job
    2012-07-17 16:20 - 2012-07-17 16:20 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-17 16:19 - 2012-07-17 16:19 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Amar\Downloads\mbam-setup-1.62.0.1300 (1).exe
    2012-07-17 16:15 - 2012-07-17 16:15 - 00078743 ____A (Malwarebytes Corporation ) C:\Users\Amar\Downloads\Unconfirmed 65528.crdownload
    2012-07-17 15:26 - 2012-01-29 04:22 - 02004878 ____A C:\Windows\WindowsUpdate.log
    2012-07-17 12:14 - 2012-03-29 18:14 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-17 12:14 - 2012-03-29 18:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-13 13:54 - 2012-07-13 13:54 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-07-13 13:52 - 2012-07-13 13:52 - 01606656 ____A C:\Users\Amar\Downloads\SteamInstall.msi
    2012-07-12 14:06 - 2012-02-11 18:37 - 00002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-07-11 22:09 - 2012-04-13 11:09 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-07-11 01:33 - 2009-07-13 20:45 - 05058352 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 01:05 - 2012-02-11 13:46 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-09 06:21 - 2012-07-09 06:21 - 00000132 ____A C:\Users\Amar\AppData\Roaming\Adobe BMP Format CS6 Prefs
    2012-07-09 05:37 - 2009-07-13 21:13 - 00005152 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-03 11:46 - 2012-07-17 16:20 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-20 20:33 - 2012-02-10 14:12 - 00115368 ____A C:\Users\Amar\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-18 19:39 - 2012-02-11 22:34 - 00880496 ____A (BitTorrent, Inc.) C:\Users\Amar\Downloads\uTorrent.exe
    2012-06-13 13:32 - 2011-06-29 10:05 - 00018390 ____A C:\Windows\IE9_main.log
    2012-06-13 13:31 - 2012-06-13 13:31 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-06-13 13:31 - 2012-06-13 13:31 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-06-13 13:31 - 2012-06-13 13:31 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-06-13 13:31 - 2012-06-13 13:31 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-06-13 13:31 - 2012-06-13 13:31 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-06-13 13:31 - 2012-06-13 13:31 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-06-13 13:31 - 2012-06-13 13:31 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-06-13 13:31 - 2012-06-13 13:31 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-06-13 13:31 - 2012-06-13 13:31 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-06-11 19:08 - 2012-07-11 01:10 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 11:50 - 2012-06-11 11:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-06-11 11:50 - 2012-06-11 11:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 11:50 - 2012-06-11 11:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-06-11 11:50 - 2012-06-11 11:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-06-11 11:50 - 2012-06-11 11:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-06-11 11:50 - 2012-06-11 11:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-06-11 11:49 - 2012-06-11 11:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
    2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
    2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-06-11 09:24 - 2011-12-05 19:17 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-06-11 09:23 - 2011-12-05 19:16 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-06-11 09:16 - 2012-02-14 19:07 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-06-11 09:01 - 2011-12-05 18:51 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
    2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-06-11 08:45 - 2011-12-05 18:33 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-06-11 08:43 - 2011-12-05 18:28 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-06-11 08:25 - 2012-02-14 18:12 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-06-11 08:25 - 2011-12-05 18:11 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-06-11 08:24 - 2011-12-05 18:11 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-06-08 21:43 - 2012-07-10 13:04 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 13:04 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-06 16:51 - 2012-06-06 16:51 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-06-05 22:06 - 2012-07-10 13:04 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 13:04 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 13:03 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 13:04 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 13:04 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 13:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:52 - 2012-06-02 14:52 - 00001474 ____A C:\Users\Amar\Desktop\Diablo III - Shortcut.lnk
    2012-06-02 14:19 - 2012-06-21 13:37 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 13:37 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 13:37 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 13:36 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 13:36 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:16 - 2012-06-02 12:08 - 39571112 ____A C:\Users\Amar\Downloads\mdhgyurizanrocco_2k__.wmv.crdownload
    2012-06-02 14:15 - 2012-06-21 13:37 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 13:36 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 13:19 - 2012-06-21 13:36 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 13:15 - 2012-06-21 13:36 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 12:09 - 2012-06-02 12:09 - 00079057 ____A C:\Users\Amar\Downloads\[kat.ph]big.tits.round.***.24.05.12.yurizan.beltran.her.tits.are.huge.and.amazing.xxx.720p.torrent
    2012-06-02 04:49 - 2012-07-11 01:03 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-11 01:03 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-11 01:03 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-11 01:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-11 01:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-11 01:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-11 01:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-11 01:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-11 01:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-11 01:03 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-11 01:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-11 01:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-11 01:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-11 01:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-11 01:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 01:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 01:03 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 01:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 01:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-11 01:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-11 01:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-11 01:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 01:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 01:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 01:03 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-11 01:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 01:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 01:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-10 13:04 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 13:04 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 13:04 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 13:04 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 13:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 13:04 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 13:04 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 13:04 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 13:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-15 15:21 - 2012-05-15 15:21 - 32288896 ____A (Blizzard Entertainment) C:\Users\Amar\Downloads\Diablo-III-Setup-enUS.exe
    2012-05-13 15:23 - 2012-05-13 15:23 - 00017367 ____A C:\Users\Amar\Downloads\[isoHunt] Brendan Benson-What Kind of World 2012 320kbps mp3 (sizzler).torrent
    2012-05-13 15:20 - 2012-05-13 15:20 - 00016581 ____A C:\Users\Amar\Downloads\Brendan_Benson_-_What_Kind_Of_World_(2012)_Mp3_320_kbps_ChingLiu.torrent
    2012-05-12 20:16 - 2012-05-12 20:16 - 00647168 ____A (Internet Testing Systems) C:\Users\Amar\Downloads\PCSecureBrowser-May-13-2012.exe
    2012-05-08 09:54 - 2012-05-08 09:51 - 133799299 ____A C:\Users\Amar\Downloads\Allinon_Anemia_050812.onepkg
    2012-05-05 19:22 - 2012-05-05 19:22 - 00013806 ____A C:\Users\Amar\Downloads\[isoHunt] Drummer - Feel Good Together (2009) (MP3-V0).torrent
    2012-05-05 19:11 - 2012-02-11 22:34 - 00879984 ____A (BitTorrent, Inc.) C:\Users\Amar\Downloads\uTorrent.exe.27306.tmp
    2012-05-04 03:06 - 2012-06-13 13:20 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 03:00 - 2012-06-13 13:19 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 02:03 - 2012-06-13 13:20 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 13:20 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 01:59 - 2012-06-13 13:19 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-05-03 20:33 - 2012-05-03 20:28 - 236029122 ____A C:\Users\Amar\Downloads\XWLP7-SHOstock2-v2.2.4.zip
    2012-05-03 19:40 - 2012-05-03 19:39 - 07352914 ____A C:\Users\Amar\Downloads\GalaxyS2ATTRootZedomax (1).zip
    2012-05-01 12:06 - 2012-05-01 12:06 - 00024936 ____A C:\Users\Amar\Downloads\config.bin
    2012-04-30 21:40 - 2012-06-13 13:19 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 18:51 - 2012-04-30 18:51 - 00027408 ____A C:\Users\Amar\Downloads\SARP Part B.odt
    2012-04-29 07:33 - 2012-04-29 07:33 - 00001693 ____A C:\Users\Amar\Desktop\Google Drive.lnk
    2012-04-29 07:32 - 2012-04-29 07:32 - 00740088 ____A (Google Inc.) C:\Users\Amar\Downloads\googledrivesync.exe
    2012-04-28 19:27 - 2012-04-28 19:27 - 11345778 ____A C:\Users\Amar\Downloads\Introduction to Emergency Medicine.pptx
    2012-04-28 19:27 - 2012-04-28 19:27 - 07120302 ____A C:\Users\Amar\Downloads\Pharmacology.pptx
    2012-04-28 19:27 - 2012-04-28 19:27 - 05672689 ____A C:\Users\Amar\Downloads\MI.pptx
    2012-04-28 19:27 - 2012-04-28 19:27 - 04657282 ____A C:\Users\Amar\Downloads\Cardiac_Dysrhythmias.pptx
    2012-04-27 19:55 - 2012-06-13 13:19 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 19:27 - 2012-04-26 19:00 - 732213248 ____A C:\Users\Amar\Downloads\ubuntu-12.04-desktop-amd64.iso
    2012-04-26 08:02 - 2012-04-26 08:02 - 05550956 ____A C:\Users\Amar\Downloads\Presentation Prep (1).pptx
    2012-04-25 21:41 - 2012-06-13 13:19 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 13:19 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 13:19 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 19:01 - 2012-04-25 19:01 - 04893478 ____A C:\Users\Amar\Downloads\1-Introduction to Emergency Medicine.pptx
    2012-04-25 19:01 - 2012-04-25 19:01 - 03862980 ____A C:\Users\Amar\Downloads\3-MI.pptx
    2012-04-25 19:01 - 2012-04-25 19:00 - 09538627 ____A C:\Users\Amar\Downloads\6-Pulmonary_Problems.pptx
    2012-04-25 19:01 - 2012-04-25 19:00 - 05825217 ____A C:\Users\Amar\Downloads\2-Pharmacology.pptx
    2012-04-25 19:01 - 2012-04-25 19:00 - 02586096 ____A C:\Users\Amar\Downloads\4-Cardiac_Dysrhythmias.pptx
    2012-04-25 19:00 - 2012-04-25 19:00 - 05374002 ____A C:\Users\Amar\Downloads\5-Neurology.pptx
    2012-04-25 19:00 - 2012-04-25 19:00 - 01844395 ____A C:\Users\Amar\Downloads\7-Infections.pptx
    2012-04-25 19:00 - 2012-04-25 19:00 - 01414925 ____A C:\Users\Amar\Downloads\8-Antibiotics.pptx
    2012-04-23 21:37 - 2012-06-13 13:19 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 13:19 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 13:19 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 13:19 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 13:19 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 13:19 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

    ZeroAccess:
    C:\Windows\Installer\{3a6c7c9d-439f-b124-5279-f249b2306d84}
    C:\Windows\Installer\{3a6c7c9d-439f-b124-5279-f249b2306d84}\@
    C:\Windows\Installer\{3a6c7c9d-439f-b124-5279-f249b2306d84}\L
    C:\Windows\Installer\{3a6c7c9d-439f-b124-5279-f249b2306d84}\U
    C:\Windows\Installer\{3a6c7c9d-439f-b124-5279-f249b2306d84}\U\80000000.@
    C:\Windows\Installer\{3a6c7c9d-439f-b124-5279-f249b2306d84}\U\800000cb.@

    ZeroAccess:
    C:\Users\Amar\AppData\Local\{3a6c7c9d-439f-b124-5279-f249b2306d84}
    C:\Users\Amar\AppData\Local\{3a6c7c9d-439f-b124-5279-f249b2306d84}\@
    C:\Users\Amar\AppData\Local\{3a6c7c9d-439f-b124-5279-f249b2306d84}\L
    C:\Users\Amar\AppData\Local\{3a6c7c9d-439f-b124-5279-f249b2306d84}\n
    C:\Users\Amar\AppData\Local\{3a6c7c9d-439f-b124-5279-f249b2306d84}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 10%
    Total physical RAM: 8109.11 MB
    Available physical RAM: 7290.15 MB
    Total Pagefile: 8107.31 MB
    Available Pagefile: 7287.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:690.05 GB) NTFS
    3 Drive g: (USB20FD) (Removable) (Total:30.22 GB) (Free:20.53 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 30 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 30 GB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 G USB20FD FAT32 Removable 30 GB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-09 16:14

    ======================= End Of Log ==========================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  9. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 2012-07-18 17:04:47
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  11. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
    Ran by SYSTEM at 2012-07-18 17:25:33 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{3a6c7c9d-439f-b124-5279-f249b2306d84} moved successfully.
    C:\Users\Amar\AppData\Local\{3a6c7c9d-439f-b124-5279-f249b2306d84} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  12. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    I have completely shutdown my PC Tools Spyware Doctor with Antivirus, but Combofix still says that it detects Spyware Doctor running. The instructions in the link above to not have anything specific for Spyware Doctor with Antivirus (the Spyware Doctor instructions do not apply to this version of SDw/AV).
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    In that case run Combofix anyway.
     
  14. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    ComboFix 12-07-18.04 - Amar 07/18/2012 18:11:24.1.8 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8109.7230 [GMT -6:00]
    Running from: c:\users\Amar\Desktop\ComboFix.exe
    AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.dat
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-18 23:57 . 2012-07-18 23:58 -------- d-----w- C:\FRST
    2012-07-18 00:20 . 2012-07-18 00:20 -------- d-----w- c:\users\Amar\AppData\Roaming\Malwarebytes
    2012-07-18 00:20 . 2012-07-18 00:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-18 00:20 . 2012-07-18 00:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-18 00:20 . 2012-07-03 19:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-17 20:03 . 2012-07-17 20:03 -------- d-----w- c:\users\Amar\AppData\Local\Threat Expert
    2012-07-13 21:54 . 2012-07-13 22:03 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-07-13 21:54 . 2012-07-18 23:30 -------- d-----w- c:\program files (x86)\Steam
    2012-07-11 09:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 09:05 . 2012-07-11 09:08 -------- d-----w- C:\92a943ab51d4926c0e9f73
    2012-07-10 21:04 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 21:03 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2012-07-10 21:03 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
    2012-07-10 21:03 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2012-07-10 21:03 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-10 21:03 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2012-07-10 21:03 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-07-10 21:03 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
    2012-07-10 21:03 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2012-07-10 21:03 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
    2012-07-10 21:03 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2012-07-10 21:03 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2012-07-10 21:03 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2012-07-10 21:03 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-07-08 22:53 . 2012-07-08 22:53 -------- d-----w- c:\programdata\ATI
    2012-07-08 22:53 . 2012-07-08 22:53 -------- d-----w- c:\program files (x86)\AMD APP
    2012-06-21 21:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 21:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 21:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 21:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 21:36 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 21:36 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 21:36 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 21:36 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 21:36 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 04:17 . 2012-06-21 04:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2012-06-21 04:14 . 2012-06-21 04:14 -------- d-----w- c:\programdata\ALM
    2012-06-21 04:13 . 2012-06-21 04:13 -------- d-----w- c:\users\Amar\Adobe Flash Builder 4.6
    2012-06-21 04:09 . 2012-06-21 04:09 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
    2012-06-21 04:09 . 2012-06-21 04:09 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2012-06-21 04:09 . 2011-11-03 09:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
    2012-06-21 04:09 . 2011-10-17 09:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2012-06-21 04:09 . 2011-10-17 09:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2012-06-21 04:09 . 2012-06-21 04:09 -------- d-----w- c:\program files (x86)\My Company Name
    2012-06-21 04:07 . 2012-07-17 19:28 -------- d-----w- c:\program files\Adobe
    2012-06-21 04:07 . 2012-07-17 19:34 -------- d-----w- c:\program files\Common Files\Adobe
    2012-06-21 03:39 . 2012-06-21 03:39 -------- d-----w- c:\program files (x86)\AMD AVT
    2012-06-21 03:19 . 2012-06-21 03:19 -------- d-----w- c:\users\Amar\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-17 20:14 . 2012-03-30 02:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-17 20:14 . 2012-03-30 02:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 06:09 . 2012-04-13 19:09 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-11 09:05 . 2012-02-11 21:46 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-13 21:31 . 2012-06-13 21:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-06-13 21:31 . 2012-06-13 21:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-06-13 21:31 . 2012-06-13 21:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-06-13 21:31 . 2012-06-13 21:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-06-13 21:31 . 2012-06-13 21:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-06-13 21:31 . 2012-06-13 21:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-06-13 21:31 . 2012-06-13 21:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-06-13 21:31 . 2012-06-13 21:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-06-13 21:31 . 2012-06-13 21:31 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-06-13 21:31 . 2012-06-13 21:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-06-13 21:31 . 2012-06-13 21:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-06-13 21:31 . 2012-06-13 21:31 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-06-13 21:31 . 2012-06-13 21:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-06-13 21:31 . 2012-06-13 21:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-06-13 21:31 . 2012-06-13 21:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-06-13 21:31 . 2012-06-13 21:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-06-13 21:31 . 2012-06-13 21:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-06-13 21:31 . 2012-06-13 21:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-06-13 21:31 . 2012-06-13 21:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-06-13 21:31 . 2012-06-13 21:31 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-06-13 21:31 . 2012-06-13 21:31 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-06-13 21:31 . 2012-06-13 21:31 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-06-13 21:31 . 2012-06-13 21:31 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-06-13 21:31 . 2012-06-13 21:31 697344 ----a-w- c:\windows\system32\msfeeds.dll
    2012-06-13 21:31 . 2012-06-13 21:31 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-06-13 21:31 . 2012-06-13 21:31 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-06-13 21:31 . 2012-06-13 21:31 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-06-13 21:31 . 2012-06-13 21:31 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-06-13 21:31 . 2012-06-13 21:31 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-06-13 21:31 . 2012-06-13 21:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-06-13 21:31 . 2012-06-13 21:31 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-06-13 21:31 . 2012-06-13 21:31 448512 ----a-w- c:\windows\system32\html.iec
    2012-06-13 21:31 . 2012-06-13 21:31 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-06-13 21:31 . 2012-06-13 21:31 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-06-13 21:31 . 2012-06-13 21:31 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-06-13 21:31 . 2012-06-13 21:31 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-06-13 21:31 . 2012-06-13 21:31 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-06-13 21:31 . 2012-06-13 21:31 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-06-13 21:31 . 2012-06-13 21:31 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-06-13 21:31 . 2012-06-13 21:31 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-06-13 21:31 . 2012-06-13 21:31 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-06-13 21:31 . 2012-06-13 21:31 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-06-13 21:31 . 2012-06-13 21:31 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-06-13 21:31 . 2012-06-13 21:31 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-06-13 21:31 . 2012-06-13 21:31 149504 ----a-w- c:\windows\system32\occache.dll
    2012-06-13 21:31 . 2012-06-13 21:31 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-06-13 21:31 . 2012-06-13 21:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-06-13 21:31 . 2012-06-13 21:31 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-06-13 21:31 . 2012-06-13 21:31 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-06-13 21:31 . 2012-06-13 21:31 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-06-13 21:31 . 2012-06-13 21:31 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-06-13 21:31 . 2012-06-13 21:31 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-06-11 19:50 . 2012-06-11 19:50 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 19:50 . 2012-06-11 19:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-06-11 19:50 . 2012-06-11 19:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-06-11 19:50 . 2012-06-11 19:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-06-11 19:50 . 2012-06-11 19:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-06-11 19:50 . 2012-06-11 19:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
    2012-06-11 19:49 . 2012-06-11 19:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
    2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
    2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-06-11 17:24 . 2011-12-06 03:17 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-06-11 17:23 . 2011-12-06 03:16 1090560 ----a-w- c:\windows\system32\aticfx64.dll
    2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
    2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16 . 2012-02-15 03:07 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-06-11 17:01 . 2011-12-06 02:51 6914560 ----a-w- c:\windows\system32\atidxx64.dll
    2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-06-11 16:45 . 2011-12-06 02:33 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-06-11 16:43 . 2011-12-06 02:28 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
    2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-06-11 16:25 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-06-11 16:25 . 2012-02-15 02:12 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]
    .
    [HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
    [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
    [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pokki"="c:\users\Amar\AppData\Local\Pokki\v0.259\pokki.exe" [2012-07-06 2551128]
    "MusicManager"="c:\users\Amar\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-21 12163848]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-13 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
    "STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064]
    "ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService"
    .
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-01-11 65664]
    R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-01-11 706776]
    R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-11 21104]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-01-11 230952]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-01-16 546768]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-12 136176]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    R2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
    R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2010-11-30 493384]
    R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-12 136176]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2011-09-28 70760]
    R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-01-11 92896]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-01-11 402336]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-01-11 41968]
    R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-01 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2011-11-14 367912]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2011-12-01 453896]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2011-12-01 1096688]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-01-11 339608]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-12 02:37]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-12 02:37]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2711373950-613069114-3650545506-1001Core.job
    - c:\users\Amar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-12 04:58]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2711373950-613069114-3650545506-1001UA.job
    - c:\users\Amar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-12 04:58]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-06-21 01:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-06-21 01:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-06-21 01:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-06-21 01:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5E8A3CDF-CB65-41A9-AF91-831560171A99}: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\x6kf24ji.default\
    FF - prefs.js: browser.startup.homepage - chrome://ubufox/locale/ubufox.properties
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-18 18:16:01
    ComboFix-quarantined-files.txt 2012-07-19 00:16
    .
    Pre-Run: 740,526,522,368 bytes free
    Post-Run: 741,111,275,520 bytes free
    .
    - - End Of File - - 616310681922E9A0CE55D2D7A454F314
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good :)

    Any current issues?

    =================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    Well, my computer's been running with the antivirus on for about 20 minutes and I haven't gotten any notification that the activity is ongoing, so that's pretty great. Thanks so much for the help!

    Should I rescan with MBAM and download OTL and post logs again like your post says? Or is that just if I'm still having issues?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good news but we have to complete cleaning process.
    Most bad guys should be out by now but I have to make sure you wont; be back two days from now :)
     
  18. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.18.13

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Amar :: BHATMAN [administrator]

    Protection: Disabled

    7/18/2012 8:12:13 PM
    mbam-log-2012-07-18 (20-12-13).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 191752
    Time elapsed: 1 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  19. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    Part 1 of OTL file:

    OTL logfile created on: 7/18/2012 8:28:47 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Amar\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.92 Gb Total Physical Memory | 7.10 Gb Available Physical Memory | 89.60% Memory free
    15.84 Gb Paging File | 15.05 Gb Available in Paging File | 95.02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 690.29 Gb Free Space | 74.11% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 272.23 Gb Free Space | 29.22% Space Free | Partition Type: NTFS

    Computer Name: BHATMAN | User Name: Amar | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/18 20:27:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Amar\Downloads\OTL.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/06/11 11:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/04/06 18:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/18 15:10:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/13 15:55:03 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
    SRV - [2012/02/27 17:44:38 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/01/16 17:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2012/01/11 17:18:14 | 001,117,624 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2012/01/11 15:56:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2012/01/11 15:56:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
    SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/20 12:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2011/03/22 02:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
    SRV - [2011/03/01 20:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
    SRV - [2010/11/29 22:20:28 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
    SRV - [2010/11/15 05:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
    SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/15 14:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/06/11 12:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2012/06/11 12:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/06/11 10:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/24 03:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
    DRV:64bit: - [2012/02/24 03:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
    DRV:64bit: - [2012/01/11 17:19:34 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
    DRV:64bit: - [2012/01/11 17:19:08 | 000,230,952 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
    DRV:64bit: - [2012/01/11 17:14:42 | 000,339,608 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
    DRV:64bit: - [2012/01/11 15:56:12 | 000,706,776 | --S- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
    DRV:64bit: - [2012/01/11 15:56:10 | 000,065,664 | --S- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
    DRV:64bit: - [2012/01/11 15:56:10 | 000,041,968 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
    DRV:64bit: - [2011/12/01 17:07:10 | 001,096,688 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
    DRV:64bit: - [2011/12/01 17:07:08 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
    DRV:64bit: - [2011/11/14 16:12:28 | 000,367,912 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
    DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/09/28 14:14:02 | 000,070,760 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
    DRV:64bit: - [2011/07/28 21:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
    DRV:64bit: - [2011/07/28 21:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
    DRV:64bit: - [2011/07/06 04:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2011/05/31 21:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/20 11:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/10 20:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
    DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2009/11/08 21:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
    IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
    IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
    IE - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\..\SearchScopes,DefaultScope = {1D049E76-EAB9-4b7b-8166-BF4D20D985FA}
    IE - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\..\SearchScopes\{1D049E76-EAB9-4b7b-8166-BF4D20D985FA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
    IE - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\..\SearchScopes\{533F7E12-E8F1-4788-A193-218D80BA9065}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
    IE - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\..\SearchScopes\{B866E0BB-FD15-4419-A2D0-18C1EF259FBC}: "URL" = http://www.google.com/cse?cx=partne...b-3794288947762788:7941509802&q={searchTerms}
    IE - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "chrome://ubufox/locale/ubufox.properties"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amar\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amar\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
    FF - HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper: C:\Users\Amar\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.1.1.76.dll (Pokki)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/02/11 20:36:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/27 10:28:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 15:10:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 15:10:15 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/02/10 16:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amar\AppData\Roaming\Mozilla\Extensions
    [2012/02/11 01:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\l10v4g05.default\extensions
    [2012/02/11 01:22:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\l10v4g05.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/07/09 07:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\x6kf24ji.default\extensions
    [2012/06/22 20:25:47 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\x6kf24ji.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
    [2012/06/06 19:10:24 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\x6kf24ji.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/07/08 16:57:15 | 000,000,000 | ---D | M] (FT SleekDark) -- C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\x6kf24ji.default\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66}
    [2012/06/18 19:32:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\x6kf24ji.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/06/06 18:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/18 19:32:24 | 000,527,037 | ---- | M] () (No name found) -- C:\USERS\AMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6KF24JI.DEFAULT\EXTENSIONS\{7F57CF46-4467-4C2D-ADFA-0CBA7C507E54}.XPI
    [2012/06/06 19:10:24 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\AMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6KF24JI.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
    [2012/06/27 23:19:31 | 000,637,327 | ---- | M] () (No name found) -- C:\USERS\AMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6KF24JI.DEFAULT\EXTENSIONS\FEEDLY@DEVHD.XPI
    [2012/07/09 07:39:23 | 000,066,139 | ---- | M] () (No name found) -- C:\USERS\AMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6KF24JI.DEFAULT\EXTENSIONS\OMNIBAR@AJITK.COM.XPI
    [2012/06/07 17:22:28 | 000,072,222 | ---- | M] () (No name found) -- C:\USERS\AMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6KF24JI.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
    [2012/06/18 19:32:24 | 000,325,600 | ---- | M] () (No name found) -- C:\USERS\AMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6KF24JI.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
    [2012/07/18 15:10:15 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/01 09:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/01 09:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
     
  20. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    Part 2 of OTL file:

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Pokki Download Helper (Enabled) = C:\Users\Amar\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.1.1.76.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: Google Translate = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
    CHR - Extension: Backspace As Back/Forward for Linux = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeffggjddcchloadflonilaahpclmbnm\0.52.0_0\
    CHR - Extension: WOT = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.0_0\
    CHR - Extension: YouTube = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google Search = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Torrent Turbo Search = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcdgomceilgkonhjheaijcmgfhabmpio\3.5.5.9_0\
    CHR - Extension: Last.fm Scrobbler = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm\1.9_0\
    CHR - Extension: Flood-It! = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\
    CHR - Extension: feedly = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\10.2.437_0\
    CHR - Extension: Evernote Web = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
    CHR - Extension: Google Mail Checker = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
    CHR - Extension: Bastion = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid\0.0.0.4_0\
    CHR - Extension: Gmail = C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/18 18:14:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
    O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
    O4 - HKU\S-1-5-21-2711373950-613069114-3650545506-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-21-2711373950-613069114-3650545506-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKU\S-1-5-21-2711373950-613069114-3650545506-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-2711373950-613069114-3650545506-1001..\Run: [MusicManager] C:\Users\Amar\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
    O4 - HKU\S-1-5-21-2711373950-613069114-3650545506-1001..\Run: [Pokki] C:\Users\Amar\AppData\Local\Pokki\v0.259\pokki.exe (Pokki)
    O4 - HKU\S-1-5-21-2711373950-613069114-3650545506-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2711373950-613069114-3650545506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E8A3CDF-CB65-41A9-AF91-831560171A99}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E8A3CDF-CB65-41A9-AF91-831560171A99}: NameServer = 208.67.222.222,208.67.220.220
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/18 18:28:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/18 18:16:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/18 18:10:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/18 18:10:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/18 18:10:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/18 17:57:35 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/18 17:43:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/18 17:43:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/17 23:58:25 | 000,000,000 | ---D | C] -- C:\Users\Amar\Documents\Malware Logs
    [2012/07/17 18:20:48 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Malwarebytes
    [2012/07/17 18:20:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/17 18:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/17 18:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/17 18:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/17 14:03:47 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Local\Threat Expert
    [2012/07/13 16:04:48 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/07/13 15:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2012/07/13 15:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/07/13 15:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2012/07/11 03:05:00 | 000,000,000 | ---D | C] -- C:\92a943ab51d4926c0e9f73
    [2012/07/08 16:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012/07/08 16:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2012/07/08 16:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2012/06/20 22:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2012/06/20 22:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
    [2012/06/20 22:13:23 | 000,000,000 | ---D | C] -- C:\Users\Amar\Adobe Flash Builder 4.6
    [2012/06/20 22:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
    [2012/06/20 22:09:28 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
    [2012/06/20 22:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
    [2012/06/20 22:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
    [2012/06/20 22:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
    [2012/06/20 22:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
    [2012/06/20 22:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2012/06/20 22:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2012/06/20 21:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
    [2012/06/20 21:19:47 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Local\Macromedia
    [2012/06/19 22:31:05 | 000,000,000 | ---D | C] -- C:\Users\Amar\Documents\Adobe CS6
    [2012/06/19 20:39:24 | 000,147,456 | ---- | C] (TeraByte Unlimited) -- C:\Users\Amar\Documents\BurnCDCC.exe
    [2012/06/19 20:39:24 | 000,070,368 | ---- | C] (http://www.hiren.info) -- C:\Users\Amar\Documents\HBCDCustomizer.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/07/18 20:11:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/18 20:10:51 | 2082,295,807 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/18 20:05:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/18 19:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2711373950-613069114-3650545506-1001UA.job
    [2012/07/18 18:46:58 | 002,074,981 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/07/18 18:37:34 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/18 18:37:34 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/18 18:30:35 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/18 18:14:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/17 22:26:48 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2711373950-613069114-3650545506-1001Core.job
    [2012/07/17 18:20:36 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/16 11:28:26 | 000,040,600 | ---- | M] () -- C:\Users\Amar\Documents\Embroidery Return 2.pdf
    [2012/07/16 11:27:52 | 000,040,600 | ---- | M] () -- C:\Users\Amar\Documents\Embroidery Return 1.pdf
    [2012/07/13 15:54:21 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
    [2012/07/12 16:06:06 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/07/11 03:33:21 | 005,058,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/09 08:21:04 | 000,000,132 | ---- | M] () -- C:\Users\Amar\AppData\Roaming\Adobe BMP Format CS6 Prefs
    [2012/07/09 07:37:22 | 000,957,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/09 07:37:22 | 000,218,364 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/09 07:37:22 | 000,005,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/07/18 18:10:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/18 18:10:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/18 18:10:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/18 18:10:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/18 18:10:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/17 18:20:36 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/17 13:36:30 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
    [2012/07/16 11:28:26 | 000,040,600 | ---- | C] () -- C:\Users\Amar\Documents\Embroidery Return 2.pdf
    [2012/07/16 11:27:52 | 000,040,600 | ---- | C] () -- C:\Users\Amar\Documents\Embroidery Return 1.pdf
    [2012/07/13 15:54:21 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
    [2012/07/09 08:21:04 | 000,000,132 | ---- | C] () -- C:\Users\Amar\AppData\Roaming\Adobe BMP Format CS6 Prefs
    [2012/06/20 22:11:37 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    [2012/06/20 22:11:37 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
    [2012/06/20 22:09:57 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
    [2012/06/20 22:08:17 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    [2012/06/19 20:39:24 | 524,382,208 | ---- | C] () -- C:\Users\Amar\Documents\Hiren's.BootCD.15.1.iso
    [2012/06/19 20:39:24 | 000,035,750 | ---- | C] () -- C:\Users\Amar\Documents\DefaultKeyboardPatch.zip
    [2012/06/19 20:39:24 | 000,000,068 | ---- | C] () -- C:\Users\Amar\Documents\BurnToCD.cmd
    [2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/02/27 17:44:39 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/02/27 17:44:38 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/02/14 20:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/14 20:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/02/11 20:36:46 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2012/01/29 06:44:32 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
    [2012/01/29 06:40:35 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/01/29 06:23:12 | 000,053,248 | R--- | C] () -- C:\Windows\SysWow64\CSVer.dll
    [2012/01/29 06:21:36 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/03/01 16:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    ========== LOP Check ==========

    [2012/03/28 01:00:10 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Amazon
    [2012/02/11 22:47:33 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\OpenOffice.org
    [2012/02/10 17:07:13 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Origin
    [2012/02/27 17:44:34 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\PunkBuster
    [2012/02/11 04:31:31 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Rainmeter
    [2012/03/31 01:36:22 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Samsung
    [2012/02/10 16:12:37 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Splashtop
    [2012/02/10 16:26:23 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\TestApp
    [2012/02/27 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Ubisoft
    [2012/06/27 10:27:17 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\uTorrent
    [2009/07/13 23:08:49 | 000,017,902 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

    < End of report >
     
  21. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    Extras file:

    OTL Extras logfile created on: 7/18/2012 8:28:49 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Amar\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.92 Gb Total Physical Memory | 7.10 Gb Available Physical Memory | 89.60% Memory free
    15.84 Gb Paging File | 15.05 Gb Available in Paging File | 95.02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 690.29 Gb Free Space | 74.11% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 272.23 Gb Free Space | 29.22% Space Free | Partition Type: NTFS

    Computer Name: BHATMAN | User Name: Amar | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-2711373950-613069114-3650545506-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
    "{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "WinRAR archiver" = WinRAR 4.10 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
    "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
    "{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
    "{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
    "{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE
    "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
    "{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
    "{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
    "{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Kingdoms of Amalur: Reckoning
    "{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
    "{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
    "{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
    "{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
    "{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
    "{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
    "{D7782BD1-CD9A-0A73-083F-CB9779A17825}" = Adobe® Content Viewer
    "{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
    "{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
    "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
    "{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
    "{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
    "Browser Defender_is1" = Browser Defender 4.0
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "com.adobe.dmp.contentviewer" = Adobe® Content Viewer
    "com.adobe.WidgetBrowser" = Adobe Widget Browser
    "com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
    "Diablo III" = Diablo III
    "EA Installer.1635480076" = EA Installer
    "Google Chrome" = Google Chrome
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "LastFM_is1" = Last.fm 1.5.4.27091
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NirSoft ShellExView" = NirSoft ShellExView
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Origin" = Origin
    "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
    "PowerISO" = PowerISO
    "PunkBusterSvc" = PunkBuster Services
    "Spyware Doctor" = PC Tools Spyware Doctor with AntiVirus 9.0
    "StarCraft II" = StarCraft II
    "Steam App 400" = Portal
    "Steam App 620" = Portal 2
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2711373950-613069114-3650545506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "MusicManager" = Music Manager
    "Pokki" = Pokki
    "PokkiDownloadHelper" = Pokki Download Helper

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/19/2012 9:47:08 PM | Computer Name = Bhatman | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 6/19/2012 9:47:27 PM | Computer Name = Bhatman | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
    enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
    "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
    on line 2. Invalid Xml syntax.

    Error - 6/20/2012 11:16:54 PM | Computer Name = Bhatman | Source = WinMgmt | ID = 10
    Description =

    Error - 6/21/2012 12:32:59 AM | Computer Name = Bhatman | Source = WinMgmt | ID = 10
    Description =

    Error - 6/21/2012 12:36:41 AM | Computer Name = Bhatman | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 6cc Start
    Time: 01cd4f66e87ec3f8 Termination Time: 60000 Application Path: C:\Windows\Explorer.EXE

    Report
    Id: 7e562ff9-bb5a-11e1-b9ee-50e549e5a00e

    Error - 6/21/2012 12:41:47 AM | Computer Name = Bhatman | Source = WinMgmt | ID = 10
    Description =

    Error - 6/21/2012 12:56:50 AM | Computer Name = Bhatman | Source = WinMgmt | ID = 10
    Description =

    Error - 6/28/2012 8:08:35 PM | Computer Name = Bhatman | Source = WinMgmt | ID = 10
    Description =

    Error - 6/29/2012 3:36:29 AM | Computer Name = Bhatman | Source = Application Error | ID = 1000
    Description = Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp:
    0x4e5ddda5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x00000000000532d0 Faulting process
    id: 0x2180 Faulting application start time: 0x01cd55bdcf74a980 Faulting application
    path: C:\Emulation\Dolphin XBC HLE Patch x64\Dolphin.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 234fb247-c1bd-11e1-b348-50e549e5a00e

    Error - 7/8/2012 6:36:48 PM | Computer Name = Bhatman | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 6/22/2012 9:55:52 PM | Computer Name = Bhatman | Source = Service Control Manager | ID = 7034
    Description = The Google Update Service (gupdate) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 6/22/2012 9:56:22 PM | Computer Name = Bhatman | Source = DCOM | ID = 10010
    Description =

    Error - 6/24/2012 6:29:18 PM | Computer Name = Bhatman | Source = DCOM | ID = 10010
    Description =

    Error - 6/25/2012 12:53:07 AM | Computer Name = Bhatman | Source = PCTCore | ID = 327960
    Description = The item store is corrupted: @5647.

    Error - 7/3/2012 3:08:19 PM | Computer Name = Bhatman | Source = PCTCore | ID = 327960
    Description = The item store is corrupted: @5647.

    Error - 7/9/2012 9:35:50 AM | Computer Name = Bhatman | Source = PCTCore | ID = 327960
    Description = The item store is corrupted: @5512.

    Error - 7/9/2012 9:36:30 AM | Computer Name = Bhatman | Source = PCTCore | ID = 327960
    Description = The item store is corrupted: @5647.

    Error - 7/11/2012 3:18:44 PM | Computer Name = Bhatman | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk6\DR6.

    Error - 7/11/2012 6:34:25 PM | Computer Name = Bhatman | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 4:30:13 PM on ?7/?11/?2012 was unexpected.

    Error - 7/12/2012 2:06:35 AM | Computer Name = Bhatman | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:03:24 AM on ?7/?12/?2012 was unexpected.


    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      [2012/07/18 17:57:35 | 000,000,000 | ---D | C] -- C:\FRST
      @Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  23. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    C:\FRST\Quarantine\{3a6c7c9d-439f-b124-5279-f249b2306d84}\{3a6c7c9d-439f-b124-5279-f249b2306d84}\U folder moved successfully.
    C:\FRST\Quarantine\{3a6c7c9d-439f-b124-5279-f249b2306d84}\{3a6c7c9d-439f-b124-5279-f249b2306d84}\L folder moved successfully.
    C:\FRST\Quarantine\{3a6c7c9d-439f-b124-5279-f249b2306d84}\{3a6c7c9d-439f-b124-5279-f249b2306d84} folder moved successfully.
    C:\FRST\Quarantine\{3a6c7c9d-439f-b124-5279-f249b2306d84}\U folder moved successfully.
    C:\FRST\Quarantine\{3a6c7c9d-439f-b124-5279-f249b2306d84}\L folder moved successfully.
    C:\FRST\Quarantine\{3a6c7c9d-439f-b124-5279-f249b2306d84} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Amar
    ->Temp folder emptied: 26120944 bytes
    ->Temporary Internet Files folder emptied: 25967662 bytes
    ->Java cache emptied: 6166396 bytes
    ->FireFox cache emptied: 240615607 bytes
    ->Google Chrome cache emptied: 46412612 bytes
    ->Flash cache emptied: 119996 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15648 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66717 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 330.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Amar
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Amar
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07182012_204952

    Files\Folders moved on Reboot...
    File move failed. C:\Users\Amar\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    [2012/02/10 16:12:46 | 000,000,000 | ---- | M] () C:\Users\Amar\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  24. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    PC Tools Spyware Doctor with AntiVirus 9.0
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    PC Tools Spyware Doctor with AntiVirus 9.0
    Java(TM) 6 Update 31
    Adobe Flash Player 11.3.300.265
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  25. ABhat

    ABhat TS Rookie Topic Starter Posts: 24

    Farbar Service Scanner Version: 08-07-2012
    Ran by Amar (administrator) on 18-07-2012 at 20:59:54
    Running from "C:\Users\Amar\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Network
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...