TechSpot

Sirefef and Live Platinum

By dreborn
Jun 15, 2012
Hi all, somehow the Live Platinum fake antivirus program started running on my system. I was just browsing around the internet and didn't even click on or download anything. I followed instructions to remove it, but I think it made it worse, and now I have Sirefef, with my computer restarting every 60 seconds, the firewall not being able to turn on, and MSE not being able to start. Please help!

    Scan result of Farbar Recovery Scan Tool Version: 14-06-2012
    Ran by SYSTEM at 15-06-2012 00:17:30
    Running from G:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-08] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-08] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-02-14] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2011-11-13] (VMware, Inc.)
    HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2215768 2011-12-06] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
    HKU\Dragon\...\Run: [Spotify] "C:\Users\Dragon\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart [9478320 2012-05-11] (Spotify Ltd)
    HKU\Dragon\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Dragon\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
    HKU\Dragon\...\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-21] ()
    HKU\Dragon\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Dragon\...\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [231424 2012-04-05] ()
    HKU\Dragon\...\Run: [Spotify Web Helper] "C:\Users\Dragon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-11] ()
    HKU\Guest\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
    HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKU\Guest\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH4A.EXE /EPT "EPLTarget\P0000000000000000" /M "WP-4540 Series" /EF "HKCU" [239488 2011-07-18] (SEIKO EPSON CORPORATION)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk
    ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
    Startup: C:\Users\Dragon\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\Dragon\Start Menu\Programs\Startup\RealTemp.exe - Shortcut.lnk
    ShortcutTarget: RealTemp.exe - Shortcut.lnk -> C:\Downloads\RealTemp_370\RealTemp.exe (No File)
    Startup: C:\Users\Dragon\Start Menu\Programs\Startup\SABnzbd.lnk
    ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
    Startup: C:\Users\Dragon\Start Menu\Programs\Startup\Trillian.lnk
    ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
    Startup: C:\Users\Dragon\Start Menu\Programs\Startup\volume.ahk ()

    ==================== Services (Whitelisted) ======

    2 atnthost; "C:\ProgramData\webex\MyWebEx\319\atnthost.exe" [16776 2011-12-14] (WebEx Communications, Inc.)
    2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe service [261632 2012-02-07] ()
    2 CrashPlanService; "C:\Program Files\CrashPlan\CrashPlanService.exe" [222720 2011-03-16] (CrashPlan)
    2 EpsonCustomerParticipation; "C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe" [555392 2011-06-09] (SEIKO EPSON CORPORATION)
    4 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [135584 2011-12-09] (Futuremark Corporation)
    2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-05-21] (LogMeIn, Inc.)
    2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-05-21] (LogMeIn, Inc.)
    2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-06-06] (Mozilla Foundation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 QBCFMonitorService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [45056 2012-03-14] (Intuit)
    3 QBFCService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2011-08-19] (Intuit Inc.)
    2 QBVSS; "C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe" [1248256 2011-08-19] (Intuit Inc.)
    2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [846448 2011-08-29] (VMware, Inc.)
    2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-04-10] ()
    3 wampapache; "C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [21504 2011-09-26] (Apache Software Foundation)
    3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe wampmysqld [9690112 2012-01-25] ()
    2 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [x]
    2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini mysql [x]

    ========================== Drivers (Whitelisted) =============

    3 busenum; C:\Windows\System32\DRIVERS\SteelBus64.sys [106496 2012-01-20] (SteelSeries Corporation)
    2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
    3 hitmanpro35; \??\C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-06-14] ()
    2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
    3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
    2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [34944 2012-01-20] (SteelSeries Corporation)
    4 LMIRfsClientNP; [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-15 00:17 - 2012-06-15 00:17 - 00000000 ____D C:\FRST
    2012-06-14 23:03 - 2012-06-14 23:03 - 00136012 ____A C:\TDSSKiller.2.7.39.0_15.06.2012_00.03.56_log.txt
    2012-06-14 23:03 - 2012-06-14 23:03 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\83023745.sys
    2012-06-14 23:03 - 2012-06-14 07:12 - 02127448 ____A (Kaspersky Lab ZAO) C:\Users\Dragon\Desktop\TDSSKiller.exe
    2012-06-14 22:16 - 2012-06-14 22:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-14 22:16 - 2012-06-14 22:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-14 22:11 - 2012-06-14 22:11 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-06-14 22:10 - 2012-06-14 22:10 - 00000808 ____A C:\Windows\System32\.crusader
    2012-06-14 22:06 - 2012-06-14 22:10 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Malwarebytes
    2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-14 21:55 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-14 21:52 - 2012-06-14 21:52 - 00000361 ____A C:\rkill.log
    2012-06-14 21:44 - 2012-06-14 22:48 - 01232802 ____A C:\Windows\ntbtlog.txt
    2012-06-14 21:42 - 2012-06-14 21:42 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-14 21:38 - 2012-06-14 21:38 - 00000000 ____D C:\Users\All Users\99058D9B000415CB00038E50B4EB2331
    2012-06-14 20:25 - 2012-06-14 20:25 - 00000000 __RHD C:\ESD
    2012-06-14 17:47 - 2012-06-14 17:47 - 00000000 ____D C:\Users\Dragon\AppData\Local\Macromedia
    2012-06-14 10:07 - 2012-06-14 20:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-14 08:59 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 08:59 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 08:59 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 08:59 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 08:59 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 08:59 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 08:59 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 08:59 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 08:59 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 08:59 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 08:59 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 08:59 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 08:59 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 08:59 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 08:59 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 08:59 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 08:59 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 08:59 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 08:59 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 08:59 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 08:59 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 08:59 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 08:59 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 08:59 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 08:59 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 08:59 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 08:59 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 08:59 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 15:58 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 15:58 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 15:58 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 15:58 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 15:58 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 15:58 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 15:58 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 15:58 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 15:58 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 15:58 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 15:58 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 15:58 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 15:58 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 15:58 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 15:58 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 15:58 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 15:58 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-08 14:55 - 2012-06-08 14:55 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Notepad++
    2012-06-08 14:20 - 2012-06-08 14:20 - 00143766 ____A C:\Users\Guest\Downloads\Service Agreement - NY.pdf
    2012-06-06 22:54 - 2012-06-06 22:54 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-06-06 22:54 - 2012-06-06 22:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-03 17:57 - 2012-06-03 17:57 - 00000000 ____D C:\Windows\Microsoft Antimalware
    2012-06-03 17:13 - 2012-06-03 17:13 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-06-03 17:12 - 2012-06-03 17:13 - 00137352 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_18.12.55_log.txt
    2012-05-29 11:36 - 2012-05-29 11:38 - 00001348 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
    2012-05-29 11:36 - 2012-05-29 11:37 - 00000144 ____A C:\Users\Dragon\umbrella0.log
    2012-05-29 11:36 - 2012-05-29 11:37 - 00000000 ____D C:\Users\Dragon\.shsh
    2012-05-28 15:32 - 2012-05-28 15:32 - 00000000 ____D C:\Users\Dragon\AppData\Local\libimobiledevice
    2012-05-20 20:55 - 2012-06-14 10:53 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-05-20 20:55 - 2012-05-20 20:55 - 00000000 ____D C:\Windows\System32\Macromed
    2012-05-20 10:14 - 2012-06-06 22:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-05-20 10:14 - 2012-05-20 10:14 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Mozilla
    2012-05-20 10:14 - 2012-05-20 10:14 - 00000000 ____D C:\Users\Dragon\AppData\Local\Mozilla
    2012-05-19 14:28 - 2012-06-06 22:09 - 00000000 ____D C:\Program Files (x86)\Diablo III

    ============ 3 Months Modified Files and Folders =============

    2012-06-15 00:17 - 2012-06-15 00:17 - 00000000 ____D C:\FRST
    2012-06-14 23:12 - 2012-04-10 10:58 - 00000000 ____D C:\Users\All Users\VMware
    2012-06-14 23:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-14 23:12 - 2009-07-13 20:51 - 00040624 ____A C:\Windows\setupact.log
    2012-06-14 23:04 - 2012-06-14 23:03 - 00136012 ____A C:\TDSSKiller.2.7.39.0_15.06.2012_00.03.56_log.txt
    2012-06-14 23:04 - 2012-02-18 22:44 - 01696751 ____A C:\Windows\WindowsUpdate.log
    2012-06-14 23:03 - 2012-06-14 23:03 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\83023745.sys
    2012-06-14 23:03 - 2012-02-25 17:46 - 00000000 ___HD C:\jexepackres
    2012-06-14 23:03 - 2012-02-20 23:20 - 00015342 ____A C:\test.log
    2012-06-14 23:03 - 2012-02-19 18:02 - 00000000 ____D C:\Users\Dragon\AppData\Local\sabnzbd
    2012-06-14 23:03 - 2012-02-19 01:56 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Dropbox
    2012-06-14 23:03 - 2012-02-19 01:56 - 00000000 ____D C:\Users\Dragon\AppData\Local\Spotify
    2012-06-14 23:01 - 2012-02-25 17:50 - 00000000 ____D C:\Users\All Users\LogMeIn
    2012-06-14 22:48 - 2012-06-14 21:44 - 01232802 ____A C:\Windows\ntbtlog.txt
    2012-06-14 22:18 - 2009-07-13 20:45 - 00020528 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-14 22:18 - 2009-07-13 20:45 - 00020528 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-14 22:17 - 2009-07-13 21:13 - 00807822 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-14 22:16 - 2012-06-14 22:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-14 22:16 - 2012-06-14 22:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-14 22:16 - 2012-02-19 01:57 - 00821480 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-14 22:16 - 2012-02-19 01:57 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-14 22:16 - 2012-02-19 01:56 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Spotify
    2012-06-14 22:11 - 2012-06-14 22:11 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-06-14 22:11 - 2012-02-19 01:56 - 00000000 ____D C:\Program Files (x86)\Trillian
    2012-06-14 22:10 - 2012-06-14 22:10 - 00000808 ____A C:\Windows\System32\.crusader
    2012-06-14 22:10 - 2012-06-14 22:06 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-06-14 22:10 - 2012-02-19 18:01 - 00000000 ____D C:\Program Files (x86)\SABnzbd
    2012-06-14 22:10 - 2012-02-19 01:55 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000UA.job
    2012-06-14 22:10 - 2012-02-19 00:47 - 00000000 __SHD C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}
    2012-06-14 22:06 - 2010-11-20 19:47 - 00012374 ____A C:\Windows\PFRO.log
    2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Malwarebytes
    2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-14 21:52 - 2012-06-14 21:52 - 00000361 ____A C:\rkill.log
    2012-06-14 21:46 - 2009-07-13 20:45 - 04997552 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-14 21:42 - 2012-06-14 21:42 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-14 21:38 - 2012-06-14 21:38 - 00000000 ____D C:\Users\All Users\99058D9B000415CB00038E50B4EB2331
    2012-06-14 21:09 - 2012-02-19 15:39 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\vlc
    2012-06-14 21:05 - 2012-04-20 07:25 - 00005632 ____A C:\Users\Dragon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-14 20:56 - 2012-02-19 19:01 - 00000000 ____D C:\Users\Dragon\AppData\Local\4673A125-DF05-4C80-B515-4F7AD151636E.aplzod
    2012-06-14 20:53 - 2012-06-14 10:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-14 20:25 - 2012-06-14 20:25 - 00000000 __RHD C:\ESD
    2012-06-14 17:47 - 2012-06-14 17:47 - 00000000 ____D C:\Users\Dragon\AppData\Local\Macromedia
    2012-06-14 10:53 - 2012-05-20 20:55 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-14 10:53 - 2012-03-12 20:10 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-14 10:06 - 2012-02-19 01:55 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-06-14 10:03 - 2012-02-19 10:22 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Skype
    2012-06-14 09:03 - 2012-02-19 11:22 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-14 09:02 - 2012-02-19 00:47 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-14 07:12 - 2012-06-14 23:03 - 02127448 ____A (Kaspersky Lab ZAO) C:\Users\Dragon\Desktop\TDSSKiller.exe
    2012-06-14 05:01 - 2012-03-16 23:47 - 00000374 ____A C:\Windows\Tasks\Allway Sync_{495C90479FCE17D0BAAA76C781C684B9}.job
    2012-06-14 05:00 - 2012-05-02 09:17 - 00000374 ____A C:\Windows\Tasks\Allway Sync_{43EF9D144C5BCAA06DB442334766A4A1}.job
    2012-06-14 04:00 - 2012-03-16 23:47 - 00000374 ____A C:\Windows\Tasks\Allway Sync_{45E5C387E307B1C3881AD4D30DB2B796}.job
    2012-06-14 03:00 - 2012-03-16 23:46 - 00000374 ____A C:\Windows\Tasks\Allway Sync_{47D430BC3C7BF20BA4CF6D65DE5E76A6}.job
    2012-06-14 02:00 - 2012-03-16 23:46 - 00000374 ____A C:\Windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
    2012-06-14 01:10 - 2012-02-19 01:55 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000Core.job
    2012-06-10 02:40 - 2012-02-19 00:40 - 00000458 ____A C:\Windows\Tasks\Intel_C_CVCV15340AN7120BGN.job
    2012-06-09 14:20 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2012-06-08 14:55 - 2012-06-08 14:55 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Notepad++
    2012-06-08 14:20 - 2012-06-08 14:20 - 00143766 ____A C:\Users\Guest\Downloads\Service Agreement - NY.pdf
    2012-06-08 14:19 - 2012-03-03 11:01 - 00114776 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-07 07:48 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
    2012-06-07 07:28 - 2012-02-19 01:55 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\uTorrent
    2012-06-06 22:54 - 2012-06-06 22:54 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-06-06 22:54 - 2012-06-06 22:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-06 22:54 - 2012-05-20 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-06-06 22:09 - 2012-05-19 14:28 - 00000000 ____D C:\Program Files (x86)\Diablo III
    2012-06-03 17:57 - 2012-06-03 17:57 - 00000000 ____D C:\Windows\Microsoft Antimalware
    2012-06-03 17:13 - 2012-06-03 17:13 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-06-03 17:13 - 2012-06-03 17:12 - 00137352 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_18.12.55_log.txt
    2012-06-03 00:00 - 2012-02-25 16:27 - 00000000 ____D C:\Users\Dragon\AppData\Local\ElevatedDiagnostics
    2012-06-02 19:02 - 2012-04-06 23:55 - 00000000 ____D C:\Users\All Users\Sonos,_Inc
    2012-06-02 18:39 - 2012-02-19 12:27 - 00000000 ____D C:\Users\Dragon\AppData\Local\Futuremark_Corporation
    2012-06-01 16:31 - 2012-02-18 22:42 - 00000000 ____D C:\users\Dragon
    2012-06-01 07:00 - 2012-03-03 09:49 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\HandBrake
    2012-05-31 20:53 - 2012-02-19 00:34 - 00114776 ____A C:\Users\Dragon\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-31 20:33 - 2012-04-10 11:01 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\VMware
    2012-05-29 18:07 - 2012-04-10 11:01 - 00000000 ____D C:\Users\Dragon\AppData\Local\VMware
    2012-05-29 11:38 - 2012-05-29 11:36 - 00001348 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
    2012-05-29 11:38 - 2009-07-13 18:34 - 00001348 ____A C:\Windows\System32\Drivers\etc\hosts
    2012-05-29 11:37 - 2012-05-29 11:36 - 00000144 ____A C:\Users\Dragon\umbrella0.log
    2012-05-29 11:37 - 2012-05-29 11:36 - 00000000 ____D C:\Users\Dragon\.shsh
    2012-05-28 15:32 - 2012-05-28 15:32 - 00000000 ____D C:\Users\Dragon\AppData\Local\libimobiledevice
    2012-05-24 21:18 - 2012-03-12 08:46 - 00007609 ____A C:\Users\Dragon\AppData\Local\Resmon.ResmonCfg
    2012-05-21 17:52 - 2012-02-25 17:50 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
    2012-05-21 17:52 - 2012-02-25 17:50 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
    2012-05-21 17:52 - 2012-02-25 17:50 - 00034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
    2012-05-21 17:52 - 2012-02-25 17:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn
    2012-05-20 20:55 - 2012-05-20 20:55 - 00000000 ____D C:\Windows\System32\Macromed
    2012-05-20 10:19 - 2012-02-18 22:42 - 00000000 ____D C:\Users\Dragon\AppData\LocalLow
    2012-05-20 10:14 - 2012-05-20 10:14 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Mozilla
    2012-05-20 10:14 - 2012-05-20 10:14 - 00000000 ____D C:\Users\Dragon\AppData\Local\Mozilla
    2012-05-17 22:54 - 2012-05-01 08:22 - 00000000 ____D C:\Users\All Users\webex
    2012-05-17 18:47 - 2012-06-14 08:59 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-14 08:59 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-14 08:59 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-14 08:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-14 08:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-14 08:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-14 08:59 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-14 08:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-14 08:59 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-14 08:59 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-14 08:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-14 08:59 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-14 08:59 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-14 08:59 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-14 08:59 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-14 08:59 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-14 08:59 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-14 08:59 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-14 08:59 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-14 08:59 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-14 08:59 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-14 08:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-14 08:59 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-14 08:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-14 08:59 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-14 08:59 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-14 08:59 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-14 08:59 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-16 12:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
    2012-05-14 17:32 - 2012-06-13 15:58 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-11 10:28 - 2012-02-28 14:03 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\FileZilla
    2012-05-11 10:24 - 2012-05-11 10:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-11 10:24 - 2012-05-11 10:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-11 10:24 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-08 22:35 - 2012-05-08 21:42 - 00000600 ____A C:\Users\Dragon\AppData\Roaming\PUTTY.RND
    2012-05-08 22:35 - 2012-05-07 18:26 - 00000600 ____A C:\Users\Dragon\AppData\Local\PUTTY.RND
    2012-05-08 18:19 - 2012-05-08 09:37 - 00000000 ____D C:\Users\Dragon\ZipForm
    2012-05-08 09:37 - 2012-05-08 09:37 - 00000088 ____A C:\Users\Dragon\.java.policy
    2012-05-06 21:03 - 2012-05-06 21:03 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\MindTerm
    2012-05-04 03:06 - 2012-06-13 15:58 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 15:58 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 15:58 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 10:24 - 2012-03-12 14:37 - 00191824 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-05-03 10:23 - 2012-05-03 10:23 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-05-03 10:20 - 2012-02-19 19:01 - 00000000 ____D C:\Users\Dragon\AppData\Local\Adobe
    2012-05-03 10:20 - 2012-02-19 02:01 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Adobe
    2012-05-02 08:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-05-01 16:46 - 2012-05-01 16:46 - 04472832 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
    2012-04-30 21:40 - 2012-06-13 15:58 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 11:01 - 2012-03-23 17:24 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Epson
    2012-04-27 19:55 - 2012-06-13 15:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 21:35 - 2012-04-26 19:38 - 00244174 ____A C:\Users\Guest\Documents\Tax Outline 2012.2.0.docx
    2012-04-26 19:47 - 2012-04-26 18:45 - 00284312 ____A C:\Users\Guest\Desktop\TAXATION OF BUSINESS ENTERPRISES outline 3.docx
    2012-04-25 21:41 - 2012-06-13 15:58 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 15:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 15:58 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 12:20 - 2012-04-25 12:20 - 00000000 ____D C:\Users\Dragon\AppData\Local\Brice_Lambson
    2012-04-25 12:20 - 2012-04-25 12:20 - 00000000 ____D C:\Users\All Users\Package Cache
    2012-04-25 12:20 - 2012-04-25 12:20 - 00000000 ____D C:\Program Files\Image Resizer for Windows
    2012-04-25 12:20 - 2012-04-25 12:20 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
    2012-04-24 09:53 - 2012-04-23 19:44 - 00000000 ____D C:\Program Files (x86)\Diablo III Beta
    2012-04-23 21:37 - 2012-06-13 15:58 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 15:58 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 15:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 15:58 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 15:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 15:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-23 19:41 - 2012-04-23 19:41 - 00000000 ____D C:\Users\All Users\Battle.net
    2012-04-17 21:42 - 2012-03-03 11:01 - 00000000 ____D C:\Users\Guest\Documents\StarCraft II
    2012-04-17 13:38 - 2012-04-17 13:38 - 00000442 ___AH C:\Windows\Tasks\Fortus Capital, LLC 1334698711.job
    2012-04-17 10:38 - 2012-02-20 23:20 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\SteelSeries
    2012-04-17 10:37 - 2012-02-20 23:20 - 00000000 ____D C:\Users\All Users\SteelSeries
    2012-04-17 10:36 - 2012-02-20 23:20 - 00000000 ____D C:\Program Files\SteelSeries
    2012-04-16 14:57 - 2012-04-16 14:57 - 00000000 ____D C:\Users\Guest\AppData\Local\Apple Computer
    2012-04-16 14:57 - 2012-03-03 11:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
    2012-04-15 13:03 - 2012-04-14 14:05 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini
    2012-04-15 12:29 - 2012-04-15 12:29 - 00288152 ____A C:\Windows\msxml4-KB954430-enu.LOG
    2012-04-15 12:29 - 2012-04-15 12:29 - 00281774 ____A C:\Windows\msxml4-KB973688-enu.LOG
    2012-04-15 12:08 - 2012-04-15 12:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Intuit
    2012-04-15 12:08 - 2012-03-27 11:57 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
    2012-04-14 15:55 - 2012-04-14 14:06 - 00000000 ____D C:\Users\Dragon\AppData\Local\Intuit
    2012-04-14 15:54 - 2012-04-14 14:05 - 00000000 ____D C:\Users\All Users\Intuit
    2012-04-14 14:10 - 2012-04-14 14:10 - 00000000 ____D C:\Program Files\Common Files\Intuit
    2012-04-14 14:09 - 2012-04-14 14:05 - 00000000 ____D C:\Users\All Users\SQL Anywhere 11
    2012-04-14 14:08 - 2012-04-14 14:05 - 00000000 ____D C:\Program Files (x86)\Intuit
    2012-04-14 14:05 - 2012-04-14 14:05 - 00000000 ____D C:\Users\Public\Documents\Intuit
    2012-04-14 14:05 - 2012-04-14 14:05 - 00000000 ____D C:\Users\All Users\Nuance
    2012-04-14 14:04 - 2012-04-14 14:04 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2012-04-14 14:03 - 2012-04-14 14:03 - 00000000 ____D C:\Windows\Intuit
    2012-04-11 09:08 - 2012-04-04 09:17 - 00000000 ____D C:\Sites
    2012-04-11 08:54 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-04-10 13:19 - 2012-04-10 13:19 - 00000000 ____D C:\Program Files\Common Files\VMware
    2012-04-10 13:19 - 2012-04-10 10:58 - 00000000 ____D C:\Program Files (x86)\VMware
    2012-04-10 11:54 - 2012-04-08 19:09 - 00000000 ____D C:\Program Files (x86)\hpmonitor
    2012-04-10 10:58 - 2012-04-10 10:58 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
    2012-04-10 10:58 - 2012-02-25 17:50 - 00001024 ____A C:\.rnd
    2012-04-08 19:09 - 2012-04-08 19:09 - 00000000 ____D C:\Program Files\MediaInfo
    2012-04-08 14:02 - 2012-04-03 09:47 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\1UPIndustries
    2012-04-08 14:02 - 2012-04-03 09:47 - 00000000 ____D C:\Users\All Users\1UPIndustries
    2012-04-07 07:42 - 2012-04-07 07:42 - 00000000 ____D C:\Users\Dragon\AppData\Local\Sonos,_Inc
    2012-04-07 04:31 - 2012-06-13 15:58 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-13 15:58 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-06 23:55 - 2012-04-06 23:55 - 00000000 ____D C:\Users\Dragon\AppData\Local\Downloaded Installations
    2012-04-06 23:55 - 2012-04-06 23:55 - 00000000 ____D C:\Program Files (x86)\Sonos
    2012-04-06 09:49 - 2012-04-06 09:49 - 00000000 ____D C:\Program Files\iTunes
    2012-04-06 09:49 - 2012-04-06 09:49 - 00000000 ____D C:\Program Files\iPod
    2012-04-06 09:49 - 2012-04-06 09:49 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-04-05 09:33 - 2012-04-05 09:28 - 00000000 ____D C:\Users\Dragon\.jedit
    2012-04-04 17:10 - 2012-04-04 17:10 - 00000065 ____A C:\Users\Dragon\.gitconfig
    2012-04-04 17:04 - 2012-04-04 09:18 - 00000000 ____D C:\Users\Dragon\.ssh
    2012-04-04 14:56 - 2012-06-14 21:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-04 09:21 - 2012-04-04 09:21 - 00000000 ____D C:\Users\Dragon\.gem
    2012-04-04 09:17 - 2012-04-04 09:17 - 00000000 ____D C:\RailsInstaller
    2012-04-03 09:47 - 2012-04-03 09:47 - 00000000 ____D C:\Program Files\1UPIndustries
    2012-04-01 18:54 - 2012-04-01 18:54 - 00000000 ____D C:\Users\All Users\Freemake
    2012-04-01 18:54 - 2012-04-01 18:54 - 00000000 ____D C:\Program Files (x86)\Freemake
    2012-03-30 03:35 - 2012-05-08 19:33 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-27 23:37 - 2012-03-27 23:37 - 00000000 ____D C:\Users\All Users\ATI
    2012-03-27 23:24 - 2012-03-27 23:23 - 00000000 ____D C:\Program Files\ATI Technologies
    2012-03-27 23:23 - 2012-03-27 23:23 - 00000000 ____D C:\Program Files\ATI
    2012-03-27 12:40 - 2012-03-27 12:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
    2012-03-27 11:57 - 2012-03-03 11:01 - 00000000 ____D C:\Users\Guest\AppData\LocalLow
    2012-03-27 11:56 - 2012-03-27 11:56 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Epson
    2012-03-26 20:11 - 2012-02-25 16:45 - 00000000 ____D C:\Program Files\CrashPlan
    2012-03-25 22:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-03-25 18:31 - 2012-02-21 10:35 - 00000000 ____D C:\Program Files (x86)\Brother
    2012-03-25 18:30 - 2012-03-25 18:30 - 00000000 ____A C:\Windows\EEventManager.INI
    2012-03-25 18:25 - 2012-03-23 17:23 - 00000000 ____D C:\Users\All Users\EPSON
    2012-03-24 19:32 - 2012-02-21 10:42 - 00000426 ____A C:\Windows\BRWMARK.INI
    2012-03-23 17:34 - 2012-03-23 17:22 - 00000106 ____A C:\Windows\EP4540.ini
    2012-03-23 17:32 - 2012-03-23 17:32 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Leadertech
    2012-03-23 17:32 - 2012-03-23 17:23 - 00000000 ____D C:\Program Files (x86)\Epson Software
    2012-03-23 17:31 - 2012-03-23 17:31 - 00000000 ____D C:\Program Files\Common Files\EPSON
    2012-03-23 17:24 - 2012-03-23 17:24 - 00000000 ____D C:\Program Files\EpsonNet
    2012-03-23 17:24 - 2012-03-23 17:24 - 00000000 ____D C:\Program Files\EPSON
    2012-03-23 17:24 - 2012-02-19 00:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-03-23 17:23 - 2012-03-23 17:23 - 00000000 ____D C:\Program Files (x86)\Epson America Inc
    2012-03-23 17:23 - 2012-03-23 17:23 - 00000000 ____D C:\Program Files (x86)\epson
    2012-03-23 09:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-03-22 20:14 - 2012-02-19 01:55 - 00000000 ____D C:\Users\Dragon\AppData\Local\Google
    2012-03-21 23:38 - 2012-03-21 23:38 - 00000000 ____D C:\Users\All Users\Synology
    2012-03-20 19:44 - 2012-03-20 19:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-03-20 19:44 - 2012-03-20 19:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys

    ZeroAccess:
    C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}
    C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\@
    C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\L
    C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\n
    C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\U

    ZeroAccess:
    C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}
    C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\@
    C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\L
    C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 7%
    Total physical RAM: 16360.86 MB
    Available physical RAM: 15213.17 MB
    Total Pagefile: 16359.06 MB
    Available Pagefile: 15219.54 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:111.69 GB) (Free:9.04 GB) NTFS
    2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: (WDO_Media64) (Removable) (Total:3.92 GB) (Free:3.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (Emperor) (Fixed) (Total:2794.52 GB) (Free:1246.9 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 2794 GB 0 B *
    Disk 1 Online 111 GB 0 B
    Disk 2 Online 4014 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 2794 GB 1024 KB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Hidden : No
    Required: No
    Attrib : 0000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y Emperor NTFS Partition 2794 GB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 111 GB 101 MB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D System Rese NTFS Partition 100 MB Healthy

    ======================================================================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 111 GB Healthy

    ======================================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 4013 MB 32 KB

    ======================================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G WDO_Media64 NTFS Removable 4013 MB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-07 23:37

    ======================= End Of Log ==========================

    Farbar Recovery Scan Tool Version: 14-06-2012
    Ran by SYSTEM at 2012-06-15 00:18:26
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the BartPE CD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
     

  3. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    Thank you so much, Broni! My system seems to boot normally and it doesn't automatically force restart! You are my hero. =)

    Note: I still can't change my firewall settings.

    Is MSE good enough to protect me going forward? Should I have a running anti-malware as well?

    Anything else you want me to run?

    Here is the fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-06-2012
    Ran by SYSTEM at 2012-06-15 09:34:18 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4} moved successfully.
    C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  4. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Good news :)

    We need to run some more checks to make sure you're clean.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    Running ComboFix in safe mode (exited Malwarebytes and turned off MSE real-time protection), but I am getting an error from ComboFix that MSE AV and MSE antimalware are still running. Can I press OK?
     
  6. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Yes. In safe mode you can disregard those warnings.
     
  7. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    ComboFix 12-06-15.03 - Dragon 06/15/2012 9:56.1.8 - x64 MINIMAL
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16361.15099 [GMT -7:00]
    Running from: c:\users\Dragon\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-15 08:17 . 2012-06-15 08:17 -------- d-----w- C:\FRST
    2012-06-15 07:03 . 2012-06-15 07:03 116016 ----a-w- c:\windows\system32\drivers\83023745.sys
    2012-06-15 06:17 . 2012-06-15 06:16 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B3FDF11-07AA-431A-9E6E-E6E2A62C80F8}\gapaengine.dll
    2012-06-15 06:16 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1451899-E8BE-4B69-B1F9-59EEED844A0A}\mpengine.dll
    2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-15 06:11 . 2012-06-15 06:11 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
    2012-06-15 06:06 . 2012-06-15 06:10 -------- d-----w- c:\programdata\HitmanPro
    2012-06-15 05:55 . 2012-06-15 05:55 -------- d-----w- c:\users\Dragon\AppData\Roaming\Malwarebytes
    2012-06-15 05:55 . 2012-06-15 05:55 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-15 05:55 . 2012-06-15 05:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-15 05:55 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-15 05:42 . 2012-06-15 05:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-15 05:38 . 2012-06-15 06:05 -------- d-----w- c:\program files (x86)\Common Files\BDA
    2012-06-15 05:38 . 2012-06-15 05:38 -------- d-----w- c:\programdata\99058D9B000415CB00038E50B4EB2331
    2012-06-15 04:25 . 2012-06-15 04:25 -------- d-----r- C:\ESD
    2012-06-15 01:47 . 2012-06-15 01:47 -------- d-----w- c:\users\Dragon\AppData\Local\Macromedia
    2012-06-13 23:58 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-08 22:55 . 2012-06-08 22:55 -------- d-----w- c:\users\Guest\AppData\Roaming\Notepad++
    2012-06-07 06:54 . 2012-06-07 06:54 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-06-04 01:57 . 2012-06-04 01:57 -------- d-----w- c:\windows\Microsoft Antimalware
    2012-06-04 01:13 . 2012-06-04 01:13 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-05-29 19:36 . 2012-05-29 19:37 -------- d-----w- c:\users\Dragon\.shsh
    2012-05-28 23:32 . 2012-05-28 23:32 -------- d-----w- c:\users\Dragon\AppData\Local\libimobiledevice
    2012-05-21 04:55 . 2012-06-14 18:53 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-21 04:55 . 2012-05-21 04:55 -------- d-----w- c:\windows\system32\Macromed
    2012-05-20 18:14 . 2012-05-20 18:14 -------- d-----w- c:\users\Dragon\AppData\Local\Mozilla
    2012-05-19 22:28 . 2012-06-07 06:09 -------- d-----w- c:\program files (x86)\Diablo III
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-14 18:53 . 2012-03-13 04:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-22 01:52 . 2012-02-26 01:50 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-05-22 01:52 . 2012-02-26 01:50 34688 ----a-w- c:\windows\system32\LMIport.dll
    2012-05-22 01:52 . 2012-02-26 01:50 80768 ----a-w- c:\windows\system32\LMIinit.dll
    2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2012-03-30 11:35 . 2012-05-09 03:33 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify"="c:\users\Dragon\AppData\Roaming\Spotify\spotify.exe" [2012-05-11 9478320]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
    "AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-04-05 231424]
    "Spotify Web Helper"="c:\users\Dragon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-11 932528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
    "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-11-14 103536]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-3-14 1178984]
    .
    c:\users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Dragon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    RealTemp.exe - Shortcut.lnk - e:\downloads\RealTemp_370\RealTemp.exe [2012-2-28 216064]
    SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe [2012-2-3 352768]
    Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-4-26 2379616]
    volume.ahk [2011-12-6 181]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-3-14 1178984]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-11-14 11839488]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257696]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-07 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
    R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 atnthost;WebEx Remote Access Agent;c:\programdata\webex\MyWebEx\319\atnthost.exe [2011-12-15 16776]
    S2 BotkindSyncService;Botkind Service;c:\program files\Allway Sync\Bin\SyncService.exe service [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]
    S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-22 375176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - WinRing0_1_2_0
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 18:53]
    .
    2012-06-14 c:\windows\Tasks\Allway Sync_{43EF9D144C5BCAA06DB442334766A4A1}.job
    - c:\program files\Allway Sync\Bin\syncappw.exe [2012-03-17 19:54]
    .
    2012-06-14 c:\windows\Tasks\Allway Sync_{45E5C387E307B1C3881AD4D30DB2B796}.job
    - c:\program files\Allway Sync\Bin\syncappw.exe [2012-03-17 19:54]
    .
    2012-06-14 c:\windows\Tasks\Allway Sync_{47D430BC3C7BF20BA4CF6D65DE5E76A6}.job
    - c:\program files\Allway Sync\Bin\syncappw.exe [2012-03-17 19:54]
    .
    2012-06-14 c:\windows\Tasks\Allway Sync_{495C90479FCE17D0BAAA76C781C684B9}.job
    - c:\program files\Allway Sync\Bin\syncappw.exe [2012-03-17 19:54]
    .
    2012-06-14 c:\windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
    - c:\program files\Allway Sync\Bin\syncappw.exe [2012-03-17 19:54]
    .
    2012-04-17 c:\windows\Tasks\Fortus Capital, LLC 1334698711.job
    - c:\program files (x86)\Intuit\QuickBooks 2012\AutoBackupEXE.exe [2012-03-14 16:13]
    .
    2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000Core.job
    - c:\users\Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 06:15]
    .
    2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000UA.job
    - c:\users\Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 06:15]
    .
    2012-06-10 c:\windows\Tasks\Intel_C_CVCV15340AN7120BGN.job
    - c:\program files (x86)\Intel\Intel(R) Solid-State Drive Toolbox\Intel SSD Toolbox.exe [2012-02-19 16:03]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    LSP: %SystemRoot%\system32\vsocklib.dll
    TCP: DhcpNameServer = 192.168.1.1
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    FF - ProfilePath - c:\users\Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\6qh11z58.default\
    FF - prefs.js: browser.startup.homepage - about:home|hxxp://www.netvibes.com/privatepage/1#General
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\trillian\plugins\skypekit.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-15 10:00:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-15 17:00
    .
    Pre-Run: 9,600,057,344 bytes free
    Post-Run: 11,474,493,440 bytes free
    .
    - - End Of File - - 5EC0CF6EC2AB9CBF601608BC6EA1546A
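The ComboFix log above exposes settings worth checking on their own: the `policies\system` key shows UAC switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0), the Security Center key shows AntiVirusOverride and FirewallOverride set to 1 (which suppress the status alerts for those components), and several autostarts and services run from AppData or ProgramData. The script below is an added example, not ComboFix's own code and not posted by anyone in the thread: it parses registry-key, value and service lines in ComboFix's format and turns them into findings. The sample input is a handful of lines copied from the log above; the severity labels and the list of user-writable path fragments are the example's own assumptions.

```python
"""Triage a ComboFix-style log for weakened security settings and risky autostarts.

Added example for this thread, not ComboFix's own code. Severity labels and the
list of user-writable path fragments are the example's assumptions.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": a protection is switched off; "review": needs a look
    category: str   # "uac", "security center", "run" or "service"
    detail: str


# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Dragon\AppData\Roaming\Spotify\spotify.exe" [2012-05-11 9478320]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-04-05 231424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 atnthost;WebEx Remote Access Agent;c:\programdata\webex\MyWebEx\319\atnthost.exe [2011-12-15 16776]
"""

# Settings that, at these values, disable a protection outright.
WEAK_UAC = {
    ("enablelua", 0): "UAC is disabled (EnableLUA=0)",
    ("consentpromptbehavioradmin", 0): "administrators elevate with no prompt at all",
    ("promptonsecuredesktop", 0): "elevation prompts do not use the secure desktop",
}
WEAK_SECURITY_CENTER = {
    ("antivirusoverride", 1): "Security Center antivirus status alerts are suppressed",
    ("firewalloverride", 1): "Security Center firewall status alerts are suppressed",
}
# Autostart images under these fragments run from locations a normal user can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Service lines: "<R|S><start type> <name>;<display name>;<image path> [date size]"
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?$")
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")
NUMBER_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')


def parse_value(data: str):
    """Turn ComboFix's rendering of a registry value into an int or a path string."""
    m = DWORD_RE.match(data)
    if m:
        return int(m.group(1), 16)
    m = NUMBER_RE.match(data)
    if m:
        return int(m.group(1))
    m = QUOTED_RE.match(data)
    return m.group(1) if m else data


def _check_image(findings, category, name, path):
    low = path.lower()
    if any(frag in low for frag in USER_WRITABLE):
        findings.append(Finding("review", category,
                                f"{name} starts from a user-writable path: {path}"))


def triage(log_text: str) -> "list[Finding]":
    """Walk the log once, tracking the current registry key for value lines."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            _check_image(findings, "service", m.group(2), m.group(4))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), parse_value(m.group(2))
        if key.endswith("\\policies\\system"):
            text = WEAK_UAC.get((name.lower(), value))
            if text:
                findings.append(Finding("high", "uac", text))
        elif key.endswith("\\security center"):
            text = WEAK_SECURITY_CENTER.get((name.lower(), value))
            if text:
                findings.append(Finding("high", "security center", text))
        elif key.endswith("\\currentversion\\run") and isinstance(value, str):
            _check_image(findings, "run", name, value)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
```

Run against the sample it reports the five disabled protections as high and the Spotify and WebEx entries as items to review; on a full log, feed the whole file in and expect many "review" hits from legitimate per-user installers, so treat that class as a worklist, not a verdict.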
     
  8. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Looks good.

    Any current issues?

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===============================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  9. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    Only issue is that I can't turn on Windows Firewall, but I can at least use my system now!

    Any idea where I got Sirefef/Live Platinum? I'm usually very careful. First infection in probably a decade.
     
  10. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-15 10:15:30
    -----------------------------
    10:15:30.552 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:15:30.552 Number of processors: 8 586 0x2A07
    10:15:30.552 ComputerName: DRAGON7 UserName: Dragon
    10:15:30.771 Initialize success
    10:15:55.933 AVAST engine defs: 12061500
    10:16:00.114 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    10:16:00.114 Disk 0 Vendor: ST3000DM CC9C Size: 2861588MB BusType: 3
    10:16:00.114 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    10:16:00.114 Disk 1 Vendor: INTEL_SS 400i Size: 114473MB BusType: 3
    10:16:00.114 Disk 1 MBR read successfully
    10:16:00.114 Disk 1 MBR scan
    10:16:00.114 Disk 1 Windows 7 default MBR code
    10:16:00.114 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    10:16:00.129 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    10:16:00.161 Disk 1 scanning C:\Windows\system32\drivers
    10:16:05.153 Service scanning
    10:16:14.279 Modules scanning
    10:16:14.279 Disk 1 trace - called modules:
    10:16:14.294 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    10:16:14.294 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800f874060]
    10:16:14.294 3 CLASSPNP.SYS[fffff88001a5a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800e64e050]
    10:16:14.513 AVAST engine scan C:\Windows
    10:16:15.246 AVAST engine scan C:\Windows\system32
    10:17:36.616 AVAST engine scan C:\Windows\system32\drivers
    10:17:40.469 AVAST engine scan C:\Users\Dragon
    10:18:25.288 AVAST engine scan C:\ProgramData
    10:18:55.739 Scan finished successfully
    10:22:01.423 Disk 1 MBR has been saved successfully to "F:\MBR.dat"
    10:22:01.454 The log file has been saved successfully to "F:\aswMBR.txt"
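aswMBR saved a copy of the boot sector as MBR.dat. The parser below is an added example, not aswMBR's code and not posted in the thread: it reads a 512-byte MBR image, verifies the 0x55AA signature, decodes the four partition-table entries and checks them for overlap, so the saved file can be compared against what the log printed (partition 1: bootable, type 07, 100 MB at offset 2048; partition 2: type 07, 114371 MB at offset 206848). The sample MBR is constructed inline to match those two lines; its boot-code area is zero-filled, whereas a real MBR.dat carries the Windows 7 boot code, which you would diff against a copy from a known-clean install.

```python
"""Parse and sanity-check an MBR image such as the MBR.dat that aswMBR saves.

Added example, not aswMBR's code. The sample MBR below is constructed to match
the partition table printed in the aswMBR log in this thread; its boot-code
area is zero-filled rather than real Windows 7 boot code.
"""
import struct
from dataclasses import dataclass

SECTOR = 512
PARTITION_TABLE_OFFSET = 446
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FORMAT = "<B3xB3xII"
MBR_SIGNATURE = 0xAA55


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors   # first sector after the partition

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(data: bytes) -> "list[Partition]":
    """Decode the partition table; raise if the image is too short or unsigned."""
    if len(data) < SECTOR:
        raise ValueError(f"MBR image is {len(data)} bytes, need {SECTOR}")
    (signature,) = struct.unpack_from("<H", data, 510)
    if signature != MBR_SIGNATURE:
        raise ValueError(f"bad MBR signature 0x{signature:04x}")
    partitions = []
    for i in range(4):
        status, type_id, lba, count = struct.unpack_from(
            ENTRY_FORMAT, data, PARTITION_TABLE_OFFSET + 16 * i)
        if type_id == 0:      # empty slot
            continue
        partitions.append(Partition(i + 1, status == 0x80, type_id, lba, count))
    return partitions


def check_layout(partitions) -> "list[str]":
    """Report entries whose sector ranges overlap."""
    problems = []
    ordered = sorted(partitions, key=lambda p: p.lba_start)
    for prev, cur in zip(ordered, ordered[1:]):
        if cur.lba_start < prev.lba_end:
            problems.append(f"partition {cur.index} overlaps partition {prev.index}")
    return problems


def boot_code(data: bytes) -> bytes:
    """The 440 bytes of executable boot code; diff against a known-good copy."""
    return data[:440]


def build_mbr(entries) -> bytes:
    """Assemble a constructed MBR from (bootable, type_id, lba_start, sectors) tuples."""
    table = b"".join(
        struct.pack(ENTRY_FORMAT, 0x80 if bootable else 0x00, type_id, lba, count)
        for bootable, type_id, lba, count in entries)
    table += b"\x00" * (64 - len(table))
    return b"\x00" * PARTITION_TABLE_OFFSET + table + struct.pack("<H", MBR_SIGNATURE)


# Constructed to match the log: 100 MB system partition at LBA 2048, then the
# 114371 MB Windows partition at LBA 206848 (both type 07, NTFS). 1 MB = 2048 sectors.
SAMPLE_MBR = build_mbr([
    (True, 0x07, 2048, 100 * 2048),
    (False, 0x07, 206848, 114371 * 2048),
])


def describe(data: bytes) -> "list[str]":
    """One line per partition, in the same shape aswMBR prints."""
    return [
        f"Partition {p.index} {'80 (A)' if p.bootable else '00'} {p.type_id:02X} "
        f"{p.size_mb} MB offset {p.lba_start}"
        for p in parse_mbr(data)
    ]


if __name__ == "__main__":
    for line in describe(SAMPLE_MBR):
        print(line)
    print("layout problems:", check_layout(parse_mbr(SAMPLE_MBR)) or "none")
```

To check a real saved copy, read MBR.dat in binary mode, pass it to `describe` and `check_layout`, and compare the output with the two "Partition" lines in the aswMBR log; any difference in type, offset or size between the saved sector and the log, or an entry pointing outside the disk, is worth a closer look before trusting the disk.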
     
  11. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    We'll look into firewall issue.
    There is really no way to trace an infection source.

    I still need MBAM log.
     
  12. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    Yep, sorry, nothing popped up for MBAM so I didn't know if you needed it. I'll attach.
     
  13. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.15.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Dragon :: DRAGON7 [administrator]

    Protection: Enabled

    6/15/2012 10:13:37 AM
    mbam-log-2012-06-15 (10-13-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 229597
    Time elapsed: 1 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  14. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    OTL logfile created on: 6/15/2012 11:05:28 AM - Run 1
    OTL by OldTimer - Version 3.2.48.0 Folder = E:\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.98 Gb Total Physical Memory | 12.41 Gb Available Physical Memory | 77.66% Memory free
    16.76 Gb Paging File | 12.95 Gb Available in Paging File | 77.30% Paging File free
    Paging file location(s): c:\pagefile.sys 800 800 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 10.55 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
    Drive E: | 2794.52 Gb Total Space | 1247.11 Gb Free Space | 44.63% Space Free | Partition Type: NTFS

    Computer Name: DRAGON7 | User Name: Dragon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/15 11:04:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL(1).exe
    PRC - [2012/06/06 23:54:31 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dragon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/11 11:32:05 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Dragon\AppData\Roaming\Spotify\spotify.exe
    PRC - [2012/05/11 11:32:01 | 000,932,528 | ---- | M] () -- C:\Users\Dragon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/04/26 00:00:00 | 003,284,992 | ---- | M] () -- c:\Program Files (x86)\Trillian\plugins\skypekit.exe
    PRC - [2012/04/26 00:00:00 | 002,379,616 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
    PRC - [2012/04/06 13:15:04 | 000,352,768 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\SABnzbd.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/04/03 22:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/03/14 09:14:52 | 001,175,912 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2012/03/14 08:19:46 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2012/02/24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2011/12/14 20:29:06 | 000,016,776 | ---- | M] (WebEx Communications, Inc.) -- C:\ProgramData\webex\MyWebEx\319\atnthost.exe
    PRC - [2011/11/13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2011/11/13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2011/11/13 23:27:06 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    PRC - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2011/10/17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/10/17 16:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2011/03/16 08:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
    PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
    PRC - [2010/11/17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2010/09/21 18:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/15 09:59:40 | 000,034,166 | ---- | M] () -- C:\jexepackres\JX15DBC\natpmp.dll
    MOD - [2012/06/14 23:08:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 11:15:52 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0767c3bc7cd93daf38517843d29ce808\IAStorUtil.ni.dll
    MOD - [2012/06/14 11:08:15 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/06 23:54:31 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/05/11 11:42:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9eed0fcdc582550a65536d1150b49574\IAStorCommon.ni.dll
    MOD - [2012/05/11 11:33:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/11 11:33:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/11 11:33:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/11 11:33:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/11 11:33:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/11 11:33:14 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/05/11 11:32:01 | 020,101,120 | ---- | M] () -- C:\Users\Dragon\AppData\Roaming\Spotify\Data\libcef.dll
    MOD - [2012/05/11 11:32:01 | 000,932,528 | ---- | M] () -- C:\Users\Dragon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MOD - [2012/04/26 00:00:00 | 003,284,992 | ---- | M] () -- c:\Program Files (x86)\Trillian\plugins\skypekit.exe
    MOD - [2012/04/26 00:00:00 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\Trillian\libspeex.dll
    MOD - [2012/04/26 00:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll
    MOD - [2012/04/26 00:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll
    MOD - [2012/04/26 00:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll
    MOD - [2012/04/26 00:00:00 | 000,011,264 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\buddy.dll
    MOD - [2012/04/26 00:00:00 | 000,007,168 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\talk.dll
    MOD - [2012/04/26 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\trillian.dll
    MOD - [2012/04/26 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\events.dll
    MOD - [2012/04/26 00:00:00 | 000,003,584 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\toolkit.dll
    MOD - [2012/04/06 13:15:06 | 000,178,688 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd
    MOD - [2012/04/06 13:15:06 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32service.pyd
    MOD - [2012/04/06 13:15:06 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32process.pyd
    MOD - [2012/04/06 13:15:05 | 000,876,032 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
    MOD - [2012/04/06 13:15:05 | 000,426,496 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
    MOD - [2012/04/06 13:15:05 | 000,358,912 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
    MOD - [2012/04/06 13:15:05 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32gui.pyd
    MOD - [2012/04/06 13:15:05 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
    MOD - [2012/04/06 13:15:05 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32file.pyd
    MOD - [2012/04/06 13:15:05 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\pywintypes27.dll
    MOD - [2012/04/06 13:15:05 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32api.pyd
    MOD - [2012/04/06 13:15:05 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
    MOD - [2012/04/06 13:15:05 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
    MOD - [2012/04/06 13:15:05 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
    MOD - [2012/04/06 13:15:05 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_socket.pyd
    MOD - [2012/04/06 13:15:05 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
    MOD - [2012/04/06 13:15:05 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
    MOD - [2012/04/06 13:15:05 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
    MOD - [2012/04/06 13:15:05 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32event.pyd
    MOD - [2012/04/06 13:15:05 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
    MOD - [2012/04/06 13:15:05 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\select.pyd
    MOD - [2012/04/06 13:15:05 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
    MOD - [2012/04/06 13:15:05 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd
    MOD - [2012/04/06 13:15:04 | 000,352,768 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\SABnzbd.exe
    MOD - [2012/04/03 22:53:58 | 002,894,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
    MOD - [2012/03/09 14:00:13 | 000,968,704 | ---- | M] () -- C:\Users\Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\6qh11z58.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
    MOD - [2010/09/21 18:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/02/14 20:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/02/07 13:03:26 | 000,261,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService)
    SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
    SRV:64bit: - [2011/03/16 08:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
    SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/06/14 11:53:01 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/06 23:54:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/21 18:52:25 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
    SRV - [2012/05/21 18:52:18 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/14 08:19:46 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2012/01/25 09:56:30 | 009,690,112 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
    SRV - [2011/12/14 20:29:06 | 000,016,776 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\ProgramData\webex\MyWebEx\319\atnthost.exe -- (atnthost)
    SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
    SRV - [2011/11/13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2011/11/13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2011/11/13 22:55:18 | 011,839,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
    SRV - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2011/10/17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2011/09/26 10:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
    SRV - [2011/09/16 15:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
    SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
    SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/06/14 23:11:44 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
    DRV:64bit: - [2012/05/21 18:52:19 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/02/14 20:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/02/14 19:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/01/20 08:00:46 | 000,106,496 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
    DRV:64bit: - [2012/01/20 08:00:46 | 000,034,944 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
    DRV:64bit: - [2011/11/13 23:28:16 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2011/11/13 23:26:30 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2011/11/13 21:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2011/11/13 21:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2011/10/17 15:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2011/09/16 15:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2011/08/29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
    DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2011/07/20 10:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/10 14:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/12/10 14:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/05/20 16:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2011/09/16 15:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 96 69 4F BA 4A CD 01 [binary data]
    IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:home|http://www.netvibes.com/privatepage/1#General"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dragon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dragon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
     
  16. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/14 15:06:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 23:54:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/05/20 11:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dragon\AppData\Roaming\Mozilla\Extensions
    [2012/06/14 18:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\6qh11z58.default\extensions
    [2012/06/14 18:47:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\6qh11z58.default\extensions\foxmarks@kei.com
    [2012/05/20 11:19:47 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\6qh11z58.default\extensions\support@lastpass.com
    [2012/05/20 11:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/07 00:02:31 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\DRAGON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QH11Z58.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
    [2012/05/20 23:58:37 | 000,255,318 | ---- | M] () (No name found) -- C:\USERS\DRAGON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QH11Z58.DEFAULT\EXTENSIONS\SQLITEMANAGER@MRINALKANT.BLOGSPOT.COM.XPI
    [2012/06/06 23:54:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Dragon\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dragon\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dragon\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Dragon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - Extension: YouTube = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Ratchet & Clank Future 2 = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\
    CHR - Extension: LastPass = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.6_0\
    CHR - Extension: TouristEye Planner = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg\9_0\
    CHR - Extension: Google Maps = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
    CHR - Extension: Lazarus: Form Recovery = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.0.5_0\
    CHR - Extension: Gmail = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/15 09:59:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
    O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe ()
    O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [Spotify] C:\Users\Dragon\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
    O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [Spotify Web Helper] C:\Users\Dragon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe ()
    O4 - Startup: C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dragon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTemp.exe - Shortcut.lnk = E:\Downloads\RealTemp_370\RealTemp.exe (uWebb Software)
    O4 - Startup: C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
    O4 - Startup: C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
    O4 - Startup: C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\volume.ahk ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7223F051-FE51-4091-8ADE-35FCC80542A1}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
    Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/15 10:23:21 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Local\iSpirit
    [2012/06/15 09:59:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/15 09:58:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/15 09:56:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/15 09:56:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/15 09:56:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/15 09:46:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/15 09:46:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/15 09:46:43 | 004,559,180 | R--- | C] (Swearware) -- C:\Users\Dragon\Desktop\ComboFix.exe
    [2012/06/15 01:17:25 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/15 00:03:56 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\83023745.sys
    [2012/06/14 23:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/14 23:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/14 23:15:25 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/06/14 23:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/06/14 22:55:07 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Roaming\Malwarebytes
    [2012/06/14 22:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/14 22:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/14 22:55:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/14 22:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/14 22:42:26 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/14 22:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BDA
    [2012/06/14 22:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\99058D9B000415CB00038E50B4EB2331
    [2012/06/14 21:25:36 | 000,000,000 | R--D | C] -- C:\ESD
    [2012/06/14 18:47:52 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Local\Macromedia
    [2012/06/06 23:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/06/06 23:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/06/03 18:57:16 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
    [2012/06/03 18:13:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/05/29 12:36:30 | 000,000,000 | ---D | C] -- C:\Users\Dragon\.shsh
    [2012/05/28 16:32:40 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Local\libimobiledevice
    [2012/05/20 21:55:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/05/20 11:14:48 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Roaming\Mozilla
    [2012/05/20 11:14:48 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Local\Mozilla
    [2012/05/20 11:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/05/19 15:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    [2012/05/19 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III

    ========== Files - Modified Within 30 Days ==========

    [2012/06/15 10:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/15 10:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000UA.job
    [2012/06/15 10:06:38 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/15 10:06:38 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/15 09:59:42 | 000,807,886 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/15 09:59:42 | 000,680,378 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/15 09:59:42 | 000,128,476 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/15 09:59:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/15 09:59:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/15 09:44:30 | 004,559,180 | R--- | M] (Swearware) -- C:\Users\Dragon\Desktop\ComboFix.exe
    [2012/06/15 00:03:56 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\83023745.sys
    [2012/06/14 23:16:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/14 23:16:17 | 000,821,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/14 23:11:44 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
    [2012/06/14 23:10:25 | 000,000,808 | ---- | M] () -- C:\Windows\SysNative\.crusader
    [2012/06/14 22:46:38 | 004,997,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/14 22:05:58 | 000,005,632 | ---- | M] () -- C:\Users\Dragon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/14 06:01:10 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{495C90479FCE17D0BAAA76C781C684B9}.job
    [2012/06/14 06:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{43EF9D144C5BCAA06DB442334766A4A1}.job
    [2012/06/14 05:00:14 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{45E5C387E307B1C3881AD4D30DB2B796}.job
    [2012/06/14 04:00:39 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{47D430BC3C7BF20BA4CF6D65DE5E76A6}.job
    [2012/06/14 03:00:18 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
    [2012/06/14 02:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000Core.job
    [2012/06/10 03:40:12 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Intel_C_CVCV15340AN7120BGN.job
    [2012/06/07 00:54:27 | 000,000,971 | ---- | M] () -- C:\Users\Dragon\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2012/06/01 15:59:52 | 000,001,049 | ---- | M] () -- C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/05/29 12:38:28 | 000,001,348 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
    [2012/05/24 22:18:51 | 000,007,609 | ---- | M] () -- C:\Users\Dragon\AppData\Local\Resmon.ResmonCfg
    [2012/05/21 18:52:19 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
    [2012/05/21 18:52:18 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
    [2012/05/21 18:52:18 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

    ========== Files Created - No Company Name ==========

    [2012/06/15 09:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/15 09:56:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/15 09:56:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/15 09:56:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/15 09:56:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/14 23:16:18 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/14 23:11:44 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
    [2012/06/14 23:10:25 | 000,000,808 | ---- | C] () -- C:\Windows\SysNative\.crusader
    [2012/06/14 11:07:38 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/07 00:54:27 | 000,000,971 | ---- | C] () -- C:\Users\Dragon\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2012/05/20 11:14:45 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/05/08 22:42:26 | 000,000,600 | ---- | C] () -- C:\Users\Dragon\AppData\Roaming\PUTTY.RND
    [2012/05/07 19:26:49 | 000,000,600 | ---- | C] () -- C:\Users\Dragon\AppData\Local\PUTTY.RND
    [2012/04/20 08:25:49 | 000,005,632 | ---- | C] () -- C:\Users\Dragon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/14 15:05:08 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2012/03/25 19:30:49 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2012/03/23 18:22:43 | 000,000,106 | ---- | C] () -- C:\Windows\EP4540.ini
    [2012/03/12 15:37:44 | 000,191,824 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/03/12 09:46:58 | 000,007,609 | ---- | C] () -- C:\Users\Dragon\AppData\Local\Resmon.ResmonCfg
    [2012/02/29 00:53:25 | 000,004,096 | -H-- | C] () -- C:\Users\Dragon\AppData\Local\keyfile3.drm
    [2012/02/21 11:42:03 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2012/02/21 11:42:03 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9440cn.dat
    [2012/02/21 11:42:03 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2012/02/21 11:41:51 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2012/02/21 11:41:49 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2012/02/19 02:57:47 | 000,821,480 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/02/19 01:40:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/02/19 01:36:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/08/19 21:26:28 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
    [2011/08/19 21:26:28 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
    [2011/08/19 21:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config

    ========== LOP Check ==========

    [2012/04/08 15:02:45 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\1UPIndustries
    [2012/05/03 11:23:40 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/02/25 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\CrashPlan
    [2012/06/15 09:59:46 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Dropbox
    [2012/04/30 12:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Epson
    [2012/05/11 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\FileZilla
    [2012/06/01 08:00:59 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\HandBrake
    [2012/03/23 18:32:31 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Leadertech
    [2012/05/06 22:03:46 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\MindTerm
    [2012/02/19 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Notepad++
    [2012/06/15 10:04:41 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Spotify
    [2012/04/17 11:38:08 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\SteelSeries
    [2012/03/17 00:38:45 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Sync App Settings
    [2012/02/19 11:22:37 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Trillian
    [2012/06/07 08:28:32 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\uTorrent
    [2012/03/27 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Epson
    [2012/06/08 15:55:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Notepad++
    [2012/03/03 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\SteelSeries
    [2012/06/14 06:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\Allway Sync_{43EF9D144C5BCAA06DB442334766A4A1}.job
    [2012/06/14 05:00:14 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\Allway Sync_{45E5C387E307B1C3881AD4D30DB2B796}.job
    [2012/06/14 04:00:39 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\Allway Sync_{47D430BC3C7BF20BA4CF6D65DE5E76A6}.job
    [2012/06/14 06:01:10 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\Allway Sync_{495C90479FCE17D0BAAA76C781C684B9}.job
    [2012/06/14 03:00:18 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
    [2012/04/17 14:38:46 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\Fortus Capital, LLC 1334698711.job
    [2009/07/13 22:08:49 | 000,019,448 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/04/10 11:58:28 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2012/06/15 10:00:41 | 000,024,476 | ---- | M] () -- C:\ComboFix.txt
    [2012/06/15 09:59:27 | 838,860,800 | -HS- | M] () -- C:\pagefile.sys
    [2012/06/14 22:52:57 | 000,000,361 | ---- | M] () -- C:\rkill.log
    [2012/06/03 18:13:17 | 000,137,352 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_03.06.2012_18.12.55_log.txt
    [2012/06/15 00:04:20 | 000,136,012 | ---- | M] () -- C:\TDSSKiller.2.7.39.0_15.06.2012_00.03.56_log.txt
    [2012/06/15 09:51:11 | 000,015,342 | ---- | M] () -- C:\test.log

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/03/12 02:17:44 | 000,000,221 | -HS- | M] () -- C:\Users\Dragon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/15 09:44:30 | 004,559,180 | R--- | M] (Swearware) -- C:\Users\Dragon\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/15 10:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/14 06:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{43EF9D144C5BCAA06DB442334766A4A1}.job
    [2012/06/14 05:00:14 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{45E5C387E307B1C3881AD4D30DB2B796}.job
    [2012/06/14 04:00:39 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{47D430BC3C7BF20BA4CF6D65DE5E76A6}.job
    [2012/06/14 06:01:10 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{495C90479FCE17D0BAAA76C781C684B9}.job
    [2012/06/14 03:00:18 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
    [2012/04/17 14:38:46 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Fortus Capital, LLC 1334698711.job
    [2012/06/14 02:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000Core.job
    [2012/06/15 10:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000UA.job
    [2012/06/10 03:40:12 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Intel_C_CVCV15340AN7120BGN.job
    [2012/06/15 09:59:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/07/13 22:08:49 | 000,019,448 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/19 19:23:06 | 000,000,402 | -HS- | M] () -- C:\Users\Dragon\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < End of report >
     
  17. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    OTL Extras logfile created on: 6/15/2012 11:05:28 AM - Run 1
    OTL by OldTimer - Version 3.2.48.0 Folder = E:\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.98 Gb Total Physical Memory | 12.41 Gb Available Physical Memory | 77.66% Memory free
    16.76 Gb Paging File | 12.95 Gb Available in Paging File | 77.30% Paging File free
    Paging file location(s): c:\pagefile.sys 800 800 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 10.55 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
    Drive E: | 2794.52 Gb Total Space | 1247.11 Gb Free Space | 44.63% Space Free | Partition Type: NTFS

    Computer Name: DRAGON7 | User Name: Dragon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B1D3C64-EEBC-4807-93FF-DB71719E77F7}" = Image Resizer for Windows (64 bit)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel(R) Network Connections 16.5.2.0
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FAF63FF7-1DB6-44D4-91C3-E9422166E8F9}" = CrashPlan
    "Allway Sync_is1" = Allway Sync version 12.0.8
    "AutoHotkey" = AutoHotkey 1.1.06.02
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
    "EPSON WP-4540 Series" = EPSON WP-4540 Series Printer Uninstall
    "MediaInfo" = MediaInfo 0.7.55
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "PROSetDX" = Intel(R) Network Connections 16.5.2.0
    "SteelSeries Engine" = SteelSeries Engine

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
    "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2556333D-27B8-4CCE-9DC3-A6CC382F3409}" = QuickBooks Premier: Contractor Edition 2012
    "{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
    "{26518E9D-031C-4BF9-907E-B2A91AEB9096}" = QuickBooks Remote Access
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
    "{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
    "{2BFDA78F-39F7-4537-9995-71424CFA88BB}" = LogMeIn
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
    "{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
    "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
    "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
    "{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
    "{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
    "{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}" = PCMark 7
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
    "{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
    "{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}" = Image Resizer for Windows
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
    "{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
    "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
    "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
    "{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
    "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
    "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
    "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
    "{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
    "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
    "{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
    "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Air Video Server" = Air Video Server 2.4.3
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
    "com.adobe.dmp.contentviewer" = Adobe Content Viewer
    "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
    "Diablo III" = Diablo III
    "Diablo III Beta" = Diablo III Beta
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "FileZilla Client" = FileZilla Client 3.5.3
    "Freemake Video Converter_is1" = Freemake Video Converter version 3.0.1
    "HandBrake" = HandBrake 0.9.6
    "HD Tune_is1" = HD Tune 2.55
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "Intel(R) Solid-State Drive Toolbox" = Intel(R) Solid-State Drive Toolbox
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "Picasa 3" = Picasa 3
    "SABnzbd" = SABnzbd 0.7.0Beta2
    "StarCraft II" = StarCraft II
    "Trillian" = Trillian
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.1
    "VMware_Workstation" = VMware Workstation
    "WampServer 2_is1" = WampServer 2.2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{613C3EA5-1248-4E35-B61A-6D0B31BBC0DB}_is1" = RailsInstaller 2.1.0
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/15/2012 2:29:19 AM | Computer Name = Dragon7 | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 6/15/2012 2:31:50 AM | Computer Name = Dragon7 | Source = MSDTC Client 2 | ID = 4104
    Description =

    Error - 6/15/2012 2:32:13 AM | Computer Name = Dragon7 | Source = Application Error | ID = 1000
    Description = Faulting application name: ApplePhotoStreams.exe, version: 7.2.5.1,
    time stamp: 0x4f3a19cc Faulting module name: MSVCR80.dll, version: 8.0.50727.6195,
    time stamp: 0x4dcddbf3 Exception code: 0xc0000005 Fault offset: 0x0001500a Faulting
    process id: 0xd0c Faulting application start time: 0x01cd4ac089e38602 Faulting application
    path: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    Faulting
    module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
    Report
    Id: d7041b12-b6b3-11e1-a45d-005056c00008

    Error - 6/15/2012 2:35:10 AM | Computer Name = Dragon7 | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 6/15/2012 2:47:42 AM | Computer Name = Dragon7 | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 6/15/2012 12:37:23 PM | Computer Name = Dragon7 | Source = WinMgmt | ID = 10
    Description =

    Error - 6/15/2012 12:55:27 PM | Computer Name = Dragon7 | Source = WinMgmt | ID = 10
    Description =

    Error - 6/15/2012 12:56:14 PM | Computer Name = Dragon7 | Source = VSS | ID = 18
    Description =

    Error - 6/15/2012 12:56:14 PM | Computer Name = Dragon7 | Source = VSS | ID = 8193
    Description =

    Error - 6/15/2012 1:01:18 PM | Computer Name = Dragon7 | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 6/15/2012 12:59:30 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7000
    Description = The Apache2.2 service failed to start due to the following error:
    %%2

    Error - 6/15/2012 12:59:31 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7000
    Description = The mysql service failed to start due to the following error: %%2

    Error - 6/15/2012 12:59:31 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 6/15/2012 12:59:34 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7024
    Description = The VMware Workstation Server service terminated with service-specific
    error %%-1.

    Error - 6/15/2012 12:59:36 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    luafv

    Error - 6/15/2012 12:59:36 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 6/15/2012 12:59:46 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 6/15/2012 12:59:46 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 6/15/2012 1:00:09 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 6/15/2012 1:00:09 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891


    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    OTL logs are clean.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  19. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    JavaFX 2.1.1
    Java(TM) 6 Update 32
    Java(TM) 7 Update 5
    Out of date Java installed!
    Adobe Flash Player 11.3.300.257
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````

    It says out-of-date Java, but I upgraded with the link you sent and used the Java removal program to get rid of the old version.
     
  20. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    Farbar Service Scanner Version: 09-06-2012
    Ran by Dragon (administrator) on 15-06-2012 at 12:08:42
    Running from "E:\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-06-13 16:58] - [2012-04-23 22:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
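The FSS output above reports the MpsSvc (Windows Firewall) service key as missing while mpsdrv and WinDefend still have their keys. As an added check that is not part of the thread, the following PowerShell script re-inspects those service keys the same way: key present, start type, ImagePath resolving to a file on disk, ServiceDll, and current service state. The service names and registry layout are standard Windows; the `Resolve-ServiceBinary` helper is my own.

```powershell
# Added example (not from the thread): re-inspect the service keys that Farbar Service
# Scanner reported above. Sirefef-class infections delete the MpsSvc (Windows Firewall)
# service key, which is what the "Unable to open MpsSvc registry key" lines describe.
# Run from an elevated PowerShell prompt on the affected machine.
$serviceNames = 'mpsdrv', 'MpsSvc', 'BFE', 'WinDefend', 'wscsvc'
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-ServiceBinary([string]$imagePath) {
    # Hypothetical helper: strip quotes, drop svchost "-k <group>" arguments, then
    # turn the \SystemRoot\, \??\ and relative forms used by driver entries into a path.
    $exe = ($imagePath -replace '"', '') -replace '\s+-k\s+.*$', ''
    $exe = $exe -replace '^\\\?\?\\', ''
    $exe = $exe -replace '^\\SystemRoot\\', '%SystemRoot%\'
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if ($exe -notmatch '^[A-Za-z]:\\') { $exe = Join-Path $env:SystemRoot $exe }
    return $exe
}

foreach ($name in $serviceNames) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        # This is the condition FSS printed for MpsSvc: the whole service key is gone.
        Write-Output "ATTENTION: $name - service key does not exist"
        continue
    }
    $cfg    = Get-ItemProperty -Path $key
    $binary = Resolve-ServiceBinary $cfg.ImagePath
    $dll    = $null
    if (Test-Path "$key\Parameters") {
        $dll = (Get-ItemProperty -Path "$key\Parameters").ServiceDll
    }
    # Get-Service only knows Win32 services, so the mpsdrv driver reports no state here.
    $state = (Get-Service -Name $name -ErrorAction SilentlyContinue).Status
    Write-Output ("{0}: Start={1} State={2} ImagePath={3} (file present: {4}) ServiceDll={5}" -f `
        $name, $startTypes[[int]$cfg.Start], $state, $cfg.ImagePath, (Test-Path $binary), $dll)
}
```

A missing key or an ImagePath that does not resolve to a file on disk is the finding to act on; compare any unexpected Start or ServiceDll values against a known-good Windows 7 machine rather than guessing.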
  21. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    I use a program called Air Video to stream video to my iPhone/iPad that uses Java 6.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    That's fine.
    Go ahead with Eset.
     
  23. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    Running ESET and it's already found 6 threats... only 61% done.

    I'll post when it's done.
     
  24. dreborn

    dreborn TS Rookie Topic Starter Posts: 28

    C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
    C:\FRST\Quarantine\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.06.2012_18.12.56\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.06.2012_18.12.56\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.06.2012_18.12.56\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\Users\Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\6qh11z58.default\extensions\fjeoaszbqu@fjeoaszbqu.org.xpi JS/Redirector.NCA trojan deleted - quarantined
    E:\Torrent\Downloads\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA\Windows.7.SP1.ENG.x86-x64.MAFIAA.iso multiple threats deleted - quarantined
    E:\USENET\extracted\Microsoft.Office.2010.ProfessionalPlus.with.SP1.VL.Edition-ZWTiSO\Keygen.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined
    E:\USENET\extracted\Microsoft.Windows.7.Professional.Edition.With.SP1.x64-ZWTiSO\Keygen.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined
     
  25. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
