also @ TechSpot: Building a Thin Mini-ITX PC: Small and Silent Performance

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Sirefef and Live Platinum

Discussion in 'Virus and Malware Removal' started by dreborn, Jun 15, 2012.

Post New Reply

Page 1 of 3

dreborn Newcomer, in training Posts: 28

Hi all, somehow Live Platinum fake antivirus program started running on my system. I was just browsing around the internet, didn't even click/download on anything. I followed instructions to remove it but I think it made it worse and now I have sirefef with my computer restarting every 60 seconds, firewall not being able to turn on, and mse not being able to start. Please help!

Scan result of Farbar Recovery Scan Tool Version: 14-06-2012
Ran by SYSTEM at 15-06-2012 00:17:30
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-02-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2011-11-13] (VMware, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2215768 2011-12-06] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Dragon\...\Run: [Spotify] "C:\Users\Dragon\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart [9478320 2012-05-11] (Spotify Ltd)
HKU\Dragon\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Dragon\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\Dragon\...\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-21] ()
HKU\Dragon\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Dragon\...\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [231424 2012-04-05] ()
HKU\Dragon\...\Run: [Spotify Web Helper] "C:\Users\Dragon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-11] ()
HKU\Guest\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Guest\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH4A.EXE /EPT "EPLTarget\P0000000000000000" /M "WP-4540 Series" /EF "HKCU" [239488 2011-07-18] (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Dragon\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Dragon\Start Menu\Programs\Startup\RealTemp.exe - Shortcut.lnk
ShortcutTarget: RealTemp.exe - Shortcut.lnk -> C:\Downloads\RealTemp_370\RealTemp.exe (No File)
Startup: C:\Users\Dragon\Start Menu\Programs\Startup\SABnzbd.lnk
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
Startup: C:\Users\Dragon\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
Startup: C:\Users\Dragon\Start Menu\Programs\Startup\volume.ahk ()

==================== Services (Whitelisted) ======

2 atnthost; "C:\ProgramData\webex\MyWebEx\319\atnthost.exe" [16776 2011-12-14] (WebEx Communications, Inc.)
2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe service [261632 2012-02-07] ()
2 CrashPlanService; "C:\Program Files\CrashPlan\CrashPlanService.exe" [222720 2011-03-16] (CrashPlan)
2 EpsonCustomerParticipation; "C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe" [555392 2011-06-09] (SEIKO EPSON CORPORATION)
4 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [135584 2011-12-09] (Futuremark Corporation)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-05-21] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-05-21] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-06-06] (Mozilla Foundation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 QBCFMonitorService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [45056 2012-03-14] (Intuit)
3 QBFCService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2011-08-19] (Intuit Inc.)
2 QBVSS; "C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe" [1248256 2011-08-19] (Intuit Inc.)
2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [846448 2011-08-29] (VMware, Inc.)
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-04-10] ()
3 wampapache; "C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [21504 2011-09-26] (Apache Software Foundation)
3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe wampmysqld [9690112 2012-01-25] ()
2 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [x]
2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini mysql [x]

========================== Drivers (Whitelisted) =============

3 busenum; C:\Windows\System32\DRIVERS\SteelBus64.sys [106496 2012-01-20] (SteelSeries Corporation)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
3 hitmanpro35; \??\C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-06-14] ()
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [34944 2012-01-20] (SteelSeries Corporation)
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-06-15 00:17 - 2012-06-15 00:17 - 00000000 ____D C:\FRST
2012-06-14 23:03 - 2012-06-14 23:03 - 00136012 ____A C:\TDSSKiller.2.7.39.0_15.06.2012_00.03.56_log.txt
2012-06-14 23:03 - 2012-06-14 23:03 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\83023745.sys
2012-06-14 23:03 - 2012-06-14 07:12 - 02127448 ____A (Kaspersky Lab ZAO) C:\Users\Dragon\Desktop\TDSSKiller.exe
2012-06-14 22:16 - 2012-06-14 22:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-14 22:16 - 2012-06-14 22:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-14 22:11 - 2012-06-14 22:11 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-06-14 22:10 - 2012-06-14 22:10 - 00000808 ____A C:\Windows\System32\.crusader
2012-06-14 22:06 - 2012-06-14 22:10 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Malwarebytes
2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-14 21:55 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-14 21:52 - 2012-06-14 21:52 - 00000361 ____A C:\rkill.log
2012-06-14 21:44 - 2012-06-14 22:48 - 01232802 ____A C:\Windows\ntbtlog.txt
2012-06-14 21:42 - 2012-06-14 21:42 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-14 21:38 - 2012-06-14 21:38 - 00000000 ____D C:\Users\All Users\99058D9B000415CB00038E50B4EB2331
2012-06-14 20:25 - 2012-06-14 20:25 - 00000000 __RHD C:\ESD
2012-06-14 17:47 - 2012-06-14 17:47 - 00000000 ____D C:\Users\Dragon\AppData\Local\Macromedia
2012-06-14 10:07 - 2012-06-14 20:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-14 08:59 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 08:59 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 08:59 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 08:59 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 08:59 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 08:59 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 08:59 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 08:59 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 08:59 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 08:59 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 08:59 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 08:59 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 08:59 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 08:59 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 08:59 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 08:59 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 08:59 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 08:59 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 08:59 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 08:59 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 08:59 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 08:59 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 08:59 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 08:59 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 08:59 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 08:59 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 08:59 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 08:59 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 15:58 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 15:58 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 15:58 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 15:58 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 15:58 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 15:58 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 15:58 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 15:58 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 15:58 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 15:58 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 15:58 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 15:58 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 15:58 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 15:58 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 15:58 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 15:58 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 15:58 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-08 14:55 - 2012-06-08 14:55 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Notepad++
2012-06-08 14:20 - 2012-06-08 14:20 - 00143766 ____A C:\Users\Guest\Downloads\Service Agreement - NY.pdf
2012-06-06 22:54 - 2012-06-06 22:54 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-06 22:54 - 2012-06-06 22:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-03 17:57 - 2012-06-03 17:57 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-06-03 17:13 - 2012-06-03 17:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-03 17:12 - 2012-06-03 17:13 - 00137352 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_18.12.55_log.txt
2012-05-29 11:36 - 2012-05-29 11:38 - 00001348 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
2012-05-29 11:36 - 2012-05-29 11:37 - 00000144 ____A C:\Users\Dragon\umbrella0.log
2012-05-29 11:36 - 2012-05-29 11:37 - 00000000 ____D C:\Users\Dragon\.shsh
2012-05-28 15:32 - 2012-05-28 15:32 - 00000000 ____D C:\Users\Dragon\AppData\Local\libimobiledevice
2012-05-20 20:55 - 2012-06-14 10:53 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-20 20:55 - 2012-05-20 20:55 - 00000000 ____D C:\Windows\System32\Macromed
2012-05-20 10:14 - 2012-06-06 22:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-20 10:14 - 2012-05-20 10:14 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Mozilla
2012-05-20 10:14 - 2012-05-20 10:14 - 00000000 ____D C:\Users\Dragon\AppData\Local\Mozilla
2012-05-19 14:28 - 2012-06-06 22:09 - 00000000 ____D C:\Program Files (x86)\Diablo III

============ 3 Months Modified Files and Folders =============

2012-06-15 00:17 - 2012-06-15 00:17 - 00000000 ____D C:\FRST
2012-06-14 23:12 - 2012-04-10 10:58 - 00000000 ____D C:\Users\All Users\VMware
2012-06-14 23:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-14 23:12 - 2009-07-13 20:51 - 00040624 ____A C:\Windows\setupact.log
2012-06-14 23:04 - 2012-06-14 23:03 - 00136012 ____A C:\TDSSKiller.2.7.39.0_15.06.2012_00.03.56_log.txt
2012-06-14 23:04 - 2012-02-18 22:44 - 01696751 ____A C:\Windows\WindowsUpdate.log
2012-06-14 23:03 - 2012-06-14 23:03 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\83023745.sys
2012-06-14 23:03 - 2012-02-25 17:46 - 00000000 ___HD C:\jexepackres
2012-06-14 23:03 - 2012-02-20 23:20 - 00015342 ____A C:\test.log
2012-06-14 23:03 - 2012-02-19 18:02 - 00000000 ____D C:\Users\Dragon\AppData\Local\sabnzbd
2012-06-14 23:03 - 2012-02-19 01:56 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Dropbox
2012-06-14 23:03 - 2012-02-19 01:56 - 00000000 ____D C:\Users\Dragon\AppData\Local\Spotify
2012-06-14 23:01 - 2012-02-25 17:50 - 00000000 ____D C:\Users\All Users\LogMeIn
2012-06-14 22:48 - 2012-06-14 21:44 - 01232802 ____A C:\Windows\ntbtlog.txt
2012-06-14 22:18 - 2009-07-13 20:45 - 00020528 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-14 22:18 - 2009-07-13 20:45 - 00020528 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-14 22:17 - 2009-07-13 21:13 - 00807822 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-14 22:16 - 2012-06-14 22:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-14 22:16 - 2012-06-14 22:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-14 22:16 - 2012-02-19 01:57 - 00821480 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-14 22:16 - 2012-02-19 01:57 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-14 22:16 - 2012-02-19 01:56 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Spotify
2012-06-14 22:11 - 2012-06-14 22:11 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-06-14 22:11 - 2012-02-19 01:56 - 00000000 ____D C:\Program Files (x86)\Trillian
2012-06-14 22:10 - 2012-06-14 22:10 - 00000808 ____A C:\Windows\System32\.crusader
2012-06-14 22:10 - 2012-06-14 22:06 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-14 22:10 - 2012-02-19 18:01 - 00000000 ____D C:\Program Files (x86)\SABnzbd
2012-06-14 22:10 - 2012-02-19 01:55 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000UA.job
2012-06-14 22:10 - 2012-02-19 00:47 - 00000000 __SHD C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}
2012-06-14 22:06 - 2010-11-20 19:47 - 00012374 ____A C:\Windows\PFRO.log
2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Malwarebytes
2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-14 21:55 - 2012-06-14 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-14 21:52 - 2012-06-14 21:52 - 00000361 ____A C:\rkill.log
2012-06-14 21:46 - 2009-07-13 20:45 - 04997552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 21:42 - 2012-06-14 21:42 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-14 21:38 - 2012-06-14 21:38 - 00000000 ____D C:\Users\All Users\99058D9B000415CB00038E50B4EB2331
2012-06-14 21:09 - 2012-02-19 15:39 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\vlc
2012-06-14 21:05 - 2012-04-20 07:25 - 00005632 ____A C:\Users\Dragon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-14 20:56 - 2012-02-19 19:01 - 00000000 ____D C:\Users\Dragon\AppData\Local\4673A125-DF05-4C80-B515-4F7AD151636E.aplzod
2012-06-14 20:53 - 2012-06-14 10:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-14 20:25 - 2012-06-14 20:25 - 00000000 __RHD C:\ESD
2012-06-14 17:47 - 2012-06-14 17:47 - 00000000 ____D C:\Users\Dragon\AppData\Local\Macromedia
2012-06-14 10:53 - 2012-05-20 20:55 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-14 10:53 - 2012-03-12 20:10 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-14 10:06 - 2012-02-19 01:55 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-06-14 10:03 - 2012-02-19 10:22 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Skype
2012-06-14 09:03 - 2012-02-19 11:22 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-14 09:02 - 2012-02-19 00:47 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-14 07:12 - 2012-06-14 23:03 - 02127448 ____A (Kaspersky Lab ZAO) C:\Users\Dragon\Desktop\TDSSKiller.exe
2012-06-14 05:01 - 2012-03-16 23:47 - 00000374 ____A C:\Windows\Tasks\Allway Sync_{495C90479FCE17D0BAAA76C781C684B9}.job
2012-06-14 05:00 - 2012-05-02 09:17 - 00000374 ____A C:\Windows\Tasks\Allway Sync_{43EF9D144C5BCAA06DB442334766A4A1}.job
2012-06-14 04:00 - 2012-03-16 23:47 - 00000374 ____A C:\Windows\Tasks\Allway Sync_{45E5C387E307B1C3881AD4D30DB2B796}.job
2012-06-14 03:00 - 2012-03-16 23:46 - 00000374 ____A C:\Windows\Tasks\Allway Sync_{47D430BC3C7BF20BA4CF6D65DE5E76A6}.job
2012-06-14 02:00 - 2012-03-16 23:46 - 00000374 ____A C:\Windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
2012-06-14 01:10 - 2012-02-19 01:55 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000Core.job
2012-06-10 02:40 - 2012-02-19 00:40 - 00000458 ____A C:\Windows\Tasks\Intel_C_CVCV15340AN7120BGN.job
2012-06-09 14:20 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-06-08 14:55 - 2012-06-08 14:55 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Notepad++
2012-06-08 14:20 - 2012-06-08 14:20 - 00143766 ____A C:\Users\Guest\Downloads\Service Agreement - NY.pdf
2012-06-08 14:19 - 2012-03-03 11:01 - 00114776 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-07 07:48 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2012-06-07 07:28 - 2012-02-19 01:55 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\uTorrent
2012-06-06 22:54 - 2012-06-06 22:54 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-06 22:54 - 2012-06-06 22:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-06 22:54 - 2012-05-20 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-06 22:09 - 2012-05-19 14:28 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-03 17:57 - 2012-06-03 17:57 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-06-03 17:13 - 2012-06-03 17:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-03 17:13 - 2012-06-03 17:12 - 00137352 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_18.12.55_log.txt
2012-06-03 00:00 - 2012-02-25 16:27 - 00000000 ____D C:\Users\Dragon\AppData\Local\ElevatedDiagnostics
2012-06-02 19:02 - 2012-04-06 23:55 - 00000000 ____D C:\Users\All Users\Sonos,_Inc
2012-06-02 18:39 - 2012-02-19 12:27 - 00000000 ____D C:\Users\Dragon\AppData\Local\Futuremark_Corporation
2012-06-01 16:31 - 2012-02-18 22:42 - 00000000 ____D C:\users\Dragon
2012-06-01 07:00 - 2012-03-03 09:49 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\HandBrake
2012-05-31 20:53 - 2012-02-19 00:34 - 00114776 ____A C:\Users\Dragon\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-31 20:33 - 2012-04-10 11:01 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\VMware
2012-05-29 18:07 - 2012-04-10 11:01 - 00000000 ____D C:\Users\Dragon\AppData\Local\VMware
2012-05-29 11:38 - 2012-05-29 11:36 - 00001348 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
2012-05-29 11:38 - 2009-07-13 18:34 - 00001348 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-29 11:37 - 2012-05-29 11:36 - 00000144 ____A C:\Users\Dragon\umbrella0.log
2012-05-29 11:37 - 2012-05-29 11:36 - 00000000 ____D C:\Users\Dragon\.shsh
2012-05-28 15:32 - 2012-05-28 15:32 - 00000000 ____D C:\Users\Dragon\AppData\Local\libimobiledevice
2012-05-24 21:18 - 2012-03-12 08:46 - 00007609 ____A C:\Users\Dragon\AppData\Local\Resmon.ResmonCfg
2012-05-21 17:52 - 2012-02-25 17:50 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-05-21 17:52 - 2012-02-25 17:50 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-05-21 17:52 - 2012-02-25 17:50 - 00034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-05-21 17:52 - 2012-02-25 17:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2012-05-20 20:55 - 2012-05-20 20:55 - 00000000 ____D C:\Windows\System32\Macromed
2012-05-20 10:19 - 2012-02-18 22:42 - 00000000 ____D C:\Users\Dragon\AppData\LocalLow
2012-05-20 10:14 - 2012-05-20 10:14 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Mozilla
2012-05-20 10:14 - 2012-05-20 10:14 - 00000000 ____D C:\Users\Dragon\AppData\Local\Mozilla
2012-05-17 22:54 - 2012-05-01 08:22 - 00000000 ____D C:\Users\All Users\webex
2012-05-17 18:47 - 2012-06-14 08:59 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-14 08:59 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 08:59 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 08:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 08:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 08:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 08:59 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 08:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 08:59 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 08:59 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 08:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 08:59 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 08:59 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 08:59 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-14 08:59 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 08:59 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 08:59 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 08:59 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 08:59 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 08:59 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 08:59 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 08:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 08:59 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 08:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 08:59 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 08:59 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 08:59 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 08:59 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-16 12:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-05-14 17:32 - 2012-06-13 15:58 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 10:28 - 2012-02-28 14:03 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\FileZilla
2012-05-11 10:24 - 2012-05-11 10:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 10:24 - 2012-05-11 10:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 10:24 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-08 22:35 - 2012-05-08 21:42 - 00000600 ____A C:\Users\Dragon\AppData\Roaming\PUTTY.RND
2012-05-08 22:35 - 2012-05-07 18:26 - 00000600 ____A C:\Users\Dragon\AppData\Local\PUTTY.RND
2012-05-08 18:19 - 2012-05-08 09:37 - 00000000 ____D C:\Users\Dragon\ZipForm
2012-05-08 09:37 - 2012-05-08 09:37 - 00000088 ____A C:\Users\Dragon\.java.policy
2012-05-06 21:03 - 2012-05-06 21:03 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\MindTerm
2012-05-04 03:06 - 2012-06-13 15:58 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 15:58 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 15:58 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 10:24 - 2012-03-12 14:37 - 00191824 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-05-03 10:23 - 2012-05-03 10:23 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-03 10:20 - 2012-02-19 19:01 - 00000000 ____D C:\Users\Dragon\AppData\Local\Adobe
2012-05-03 10:20 - 2012-02-19 02:01 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Adobe
2012-05-02 08:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-01 16:46 - 2012-05-01 16:46 - 04472832 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-04-30 21:40 - 2012-06-13 15:58 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 11:01 - 2012-03-23 17:24 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Epson
2012-04-27 19:55 - 2012-06-13 15:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 21:35 - 2012-04-26 19:38 - 00244174 ____A C:\Users\Guest\Documents\Tax Outline 2012.2.0.docx
2012-04-26 19:47 - 2012-04-26 18:45 - 00284312 ____A C:\Users\Guest\Desktop\TAXATION OF BUSINESS ENTERPRISES outline 3.docx
2012-04-25 21:41 - 2012-06-13 15:58 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 15:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 15:58 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 12:20 - 2012-04-25 12:20 - 00000000 ____D C:\Users\Dragon\AppData\Local\Brice_Lambson
2012-04-25 12:20 - 2012-04-25 12:20 - 00000000 ____D C:\Users\All Users\Package Cache
2012-04-25 12:20 - 2012-04-25 12:20 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2012-04-25 12:20 - 2012-04-25 12:20 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2012-04-24 09:53 - 2012-04-23 19:44 - 00000000 ____D C:\Program Files (x86)\Diablo III Beta
2012-04-23 21:37 - 2012-06-13 15:58 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 15:58 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 15:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 15:58 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 15:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 15:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 19:41 - 2012-04-23 19:41 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-17 21:42 - 2012-03-03 11:01 - 00000000 ____D C:\Users\Guest\Documents\StarCraft II
2012-04-17 13:38 - 2012-04-17 13:38 - 00000442 ___AH C:\Windows\Tasks\Fortus Capital, LLC 1334698711.job
2012-04-17 10:38 - 2012-02-20 23:20 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\SteelSeries
2012-04-17 10:37 - 2012-02-20 23:20 - 00000000 ____D C:\Users\All Users\SteelSeries
2012-04-17 10:36 - 2012-02-20 23:20 - 00000000 ____D C:\Program Files\SteelSeries
2012-04-16 14:57 - 2012-04-16 14:57 - 00000000 ____D C:\Users\Guest\AppData\Local\Apple Computer
2012-04-16 14:57 - 2012-03-03 11:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2012-04-15 13:03 - 2012-04-14 14:05 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-04-15 12:29 - 2012-04-15 12:29 - 00288152 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-04-15 12:29 - 2012-04-15 12:29 - 00281774 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-04-15 12:08 - 2012-04-15 12:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Intuit
2012-04-15 12:08 - 2012-03-27 11:57 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2012-04-14 15:55 - 2012-04-14 14:06 - 00000000 ____D C:\Users\Dragon\AppData\Local\Intuit
2012-04-14 15:54 - 2012-04-14 14:05 - 00000000 ____D C:\Users\All Users\Intuit
2012-04-14 14:10 - 2012-04-14 14:10 - 00000000 ____D C:\Program Files\Common Files\Intuit
2012-04-14 14:09 - 2012-04-14 14:05 - 00000000 ____D C:\Users\All Users\SQL Anywhere 11
2012-04-14 14:08 - 2012-04-14 14:05 - 00000000 ____D C:\Program Files (x86)\Intuit
2012-04-14 14:05 - 2012-04-14 14:05 - 00000000 ____D C:\Users\Public\Documents\Intuit
2012-04-14 14:05 - 2012-04-14 14:05 - 00000000 ____D C:\Users\All Users\Nuance
2012-04-14 14:04 - 2012-04-14 14:04 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-04-14 14:03 - 2012-04-14 14:03 - 00000000 ____D C:\Windows\Intuit
2012-04-11 09:08 - 2012-04-04 09:17 - 00000000 ____D C:\Sites
2012-04-11 08:54 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-04-10 13:19 - 2012-04-10 13:19 - 00000000 ____D C:\Program Files\Common Files\VMware
2012-04-10 13:19 - 2012-04-10 10:58 - 00000000 ____D C:\Program Files (x86)\VMware
2012-04-10 11:54 - 2012-04-08 19:09 - 00000000 ____D C:\Program Files (x86)\hpmonitor
2012-04-10 10:58 - 2012-04-10 10:58 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2012-04-10 10:58 - 2012-02-25 17:50 - 00001024 ____A C:\.rnd
2012-04-08 19:09 - 2012-04-08 19:09 - 00000000 ____D C:\Program Files\MediaInfo
2012-04-08 14:02 - 2012-04-03 09:47 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\1UPIndustries
2012-04-08 14:02 - 2012-04-03 09:47 - 00000000 ____D C:\Users\All Users\1UPIndustries
2012-04-07 07:42 - 2012-04-07 07:42 - 00000000 ____D C:\Users\Dragon\AppData\Local\Sonos,_Inc
2012-04-07 04:31 - 2012-06-13 15:58 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-13 15:58 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 23:55 - 2012-04-06 23:55 - 00000000 ____D C:\Users\Dragon\AppData\Local\Downloaded Installations
2012-04-06 23:55 - 2012-04-06 23:55 - 00000000 ____D C:\Program Files (x86)\Sonos
2012-04-06 09:49 - 2012-04-06 09:49 - 00000000 ____D C:\Program Files\iTunes
2012-04-06 09:49 - 2012-04-06 09:49 - 00000000 ____D C:\Program Files\iPod
2012-04-06 09:49 - 2012-04-06 09:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-04-05 09:33 - 2012-04-05 09:28 - 00000000 ____D C:\Users\Dragon\.jedit
2012-04-04 17:10 - 2012-04-04 17:10 - 00000065 ____A C:\Users\Dragon\.gitconfig
2012-04-04 17:04 - 2012-04-04 09:18 - 00000000 ____D C:\Users\Dragon\.ssh
2012-04-04 14:56 - 2012-06-14 21:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 09:21 - 2012-04-04 09:21 - 00000000 ____D C:\Users\Dragon\.gem
2012-04-04 09:17 - 2012-04-04 09:17 - 00000000 ____D C:\RailsInstaller
2012-04-03 09:47 - 2012-04-03 09:47 - 00000000 ____D C:\Program Files\1UPIndustries
2012-04-01 18:54 - 2012-04-01 18:54 - 00000000 ____D C:\Users\All Users\Freemake
2012-04-01 18:54 - 2012-04-01 18:54 - 00000000 ____D C:\Program Files (x86)\Freemake
2012-03-30 03:35 - 2012-05-08 19:33 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-27 23:37 - 2012-03-27 23:37 - 00000000 ____D C:\Users\All Users\ATI
2012-03-27 23:24 - 2012-03-27 23:23 - 00000000 ____D C:\Program Files\ATI Technologies
2012-03-27 23:23 - 2012-03-27 23:23 - 00000000 ____D C:\Program Files\ATI
2012-03-27 12:40 - 2012-03-27 12:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
2012-03-27 11:57 - 2012-03-03 11:01 - 00000000 ____D C:\Users\Guest\AppData\LocalLow
2012-03-27 11:56 - 2012-03-27 11:56 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Epson
2012-03-26 20:11 - 2012-02-25 16:45 - 00000000 ____D C:\Program Files\CrashPlan
2012-03-25 22:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-03-25 18:31 - 2012-02-21 10:35 - 00000000 ____D C:\Program Files (x86)\Brother
2012-03-25 18:30 - 2012-03-25 18:30 - 00000000 ____A C:\Windows\EEventManager.INI
2012-03-25 18:25 - 2012-03-23 17:23 - 00000000 ____D C:\Users\All Users\EPSON
2012-03-24 19:32 - 2012-02-21 10:42 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-03-23 17:34 - 2012-03-23 17:22 - 00000106 ____A C:\Windows\EP4540.ini
2012-03-23 17:32 - 2012-03-23 17:32 - 00000000 ____D C:\Users\Dragon\AppData\Roaming\Leadertech
2012-03-23 17:32 - 2012-03-23 17:23 - 00000000 ____D C:\Program Files (x86)\Epson Software
2012-03-23 17:31 - 2012-03-23 17:31 - 00000000 ____D C:\Program Files\Common Files\EPSON
2012-03-23 17:24 - 2012-03-23 17:24 - 00000000 ____D C:\Program Files\EpsonNet
2012-03-23 17:24 - 2012-03-23 17:24 - 00000000 ____D C:\Program Files\EPSON
2012-03-23 17:24 - 2012-02-19 00:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-23 17:23 - 2012-03-23 17:23 - 00000000 ____D C:\Program Files (x86)\Epson America Inc
2012-03-23 17:23 - 2012-03-23 17:23 - 00000000 ____D C:\Program Files (x86)\epson
2012-03-23 09:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-03-22 20:14 - 2012-02-19 01:55 - 00000000 ____D C:\Users\Dragon\AppData\Local\Google
2012-03-21 23:38 - 2012-03-21 23:38 - 00000000 ____D C:\Users\All Users\Synology
2012-03-20 19:44 - 2012-03-20 19:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys

ZeroAccess:
C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}
C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\@
C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\L
C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\n
C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\U

ZeroAccess:
C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}
C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\@
C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\L
C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 16360.86 MB
Available physical RAM: 15213.17 MB
Total Pagefile: 16359.06 MB
Available Pagefile: 15219.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:9.04 GB) NTFS
2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (WDO_Media64) (Removable) (Total:3.92 GB) (Free:3.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (Emperor) (Fixed) (Total:2794.52 GB) (Free:1246.9 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 2794 GB 0 B *
Disk 1 Online 111 GB 0 B
Disk 2 Online 4014 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 2794 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Emperor NTFS Partition 2794 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 111 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 4013 MB 32 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G WDO_Media64 NTFS Removable 4013 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-07 23:37

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 14-06-2012
Ran by SYSTEM at 2012-06-15 00:18:26
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

dreborn, Jun 15, 2012

#1
Broni Malware Annihilator Posts: 39,324 +175
Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================================

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Attached Files:
- fixlist.txt
  
  File size:
  
  400 bytes
  
  Views:
  
  2
Broni, Jun 15, 2012

#2
dreborn Newcomer, in training Posts: 28

Thank you so much, Broni! My system seems to boot normally and it doesn't automatically force restart! You are my hero. =)

Note: I still can't change my firewall settings.

is MSE good enough to protect me going forward? Should I have a running anti malware as well?

anything else you want me to run?

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-06-2012
Ran by SYSTEM at 2012-06-15 09:34:18 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4} moved successfully.
C:\Users\Dragon\AppData\Local\{b58b6628-02d0-6b52-8c97-2b4e1b53b3a4} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

dreborn, Jun 15, 2012

#3
Broni Malware Annihilator Posts: 39,324 +175
Good news

We need to run some more checks to make sure you're clean.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Jun 15, 2012

#4
dreborn Newcomer, in training Posts: 28

running combofix in safe mode (exited malware antibytes and turned off mse security essentials real time) but I am getting an error from combofix that MSE av and MSE antimalware is still running. can I press ok?

dreborn, Jun 15, 2012

#5

Broni Malware Annihilator Posts: 39,324 +175

Yes. In safe mode you can disregard those warnings.

Broni, Jun 15, 2012

#6

dreborn Newcomer, in training Posts: 28

ComboFix 12-06-15.03 - Dragon 06/15/2012 9:56.1.8 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16361.15099 [GMT -7:00]
Running from: c:\users\Dragon\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 08:17 . 2012-06-15 08:17 -------- d-----w- C:\FRST
2012-06-15 07:03 . 2012-06-15 07:03 116016 ----a-w- c:\windows\system32\drivers\83023745.sys
2012-06-15 06:17 . 2012-06-15 06:16 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B3FDF11-07AA-431A-9E6E-E6E2A62C80F8}\gapaengine.dll
2012-06-15 06:16 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1451899-E8BE-4B69-B1F9-59EEED844A0A}\mpengine.dll
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-15 06:11 . 2012-06-15 06:11 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-15 06:06 . 2012-06-15 06:10 -------- d-----w- c:\programdata\HitmanPro
2012-06-15 05:55 . 2012-06-15 05:55 -------- d-----w- c:\users\Dragon\AppData\Roaming\Malwarebytes
2012-06-15 05:55 . 2012-06-15 05:55 -------- d-----w- c:\programdata\Malwarebytes
2012-06-15 05:55 . 2012-06-15 05:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-15 05:55 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-15 05:42 . 2012-06-15 05:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-15 05:38 . 2012-06-15 06:05 -------- d-----w- c:\program files (x86)\Common Files\BDA
2012-06-15 05:38 . 2012-06-15 05:38 -------- d-----w- c:\programdata\99058D9B000415CB00038E50B4EB2331
2012-06-15 04:25 . 2012-06-15 04:25 -------- d-----r- C:\ESD
2012-06-15 01:47 . 2012-06-15 01:47 -------- d-----w- c:\users\Dragon\AppData\Local\Macromedia
2012-06-13 23:58 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-08 22:55 . 2012-06-08 22:55 -------- d-----w- c:\users\Guest\AppData\Roaming\Notepad++
2012-06-07 06:54 . 2012-06-07 06:54 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-04 01:57 . 2012-06-04 01:57 -------- d-----w- c:\windows\Microsoft Antimalware
2012-06-04 01:13 . 2012-06-04 01:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-29 19:36 . 2012-05-29 19:37 -------- d-----w- c:\users\Dragon\.shsh
2012-05-28 23:32 . 2012-05-28 23:32 -------- d-----w- c:\users\Dragon\AppData\Local\libimobiledevice
2012-05-21 04:55 . 2012-06-14 18:53 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-21 04:55 . 2012-05-21 04:55 -------- d-----w- c:\windows\system32\Macromed
2012-05-20 18:14 . 2012-05-20 18:14 -------- d-----w- c:\users\Dragon\AppData\Local\Mozilla
2012-05-19 22:28 . 2012-06-07 06:09 -------- d-----w- c:\program files (x86)\Diablo III
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 18:53 . 2012-03-13 04:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-22 01:52 . 2012-02-26 01:50 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 01:52 . 2012-02-26 01:50 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 01:52 . 2012-02-26 01:50 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-30 11:35 . 2012-05-09 03:33 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Dragon\AppData\Roaming\Spotify\spotify.exe" [2012-05-11 9478320]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-04-05 231424]
"Spotify Web Helper"="c:\users\Dragon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-11 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-11-14 103536]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-3-14 1178984]
.
c:\users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dragon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
RealTemp.exe - Shortcut.lnk - e:\downloads\RealTemp_370\RealTemp.exe [2012-2-28 216064]
SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe [2012-2-3 352768]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-4-26 2379616]
volume.ahk [2011-12-6 181]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-3-14 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-11-14 11839488]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257696]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-07 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 atnthost;WebEx Remote Access Agent;c:\programdata\webex\MyWebEx\319\atnthost.exe [2011-12-15 16776]
S2 BotkindSyncService;Botkind Service;c:\program files\Allway Sync\Bin\SyncService.exe service [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-22 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - WinRing0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 18:53]
.
2012-06-14 c:\windows\Tasks\Allway Sync_{43EF9D144C5BCAA06DB442334766A4A1}.job
- c:\program files\Allway Sync\Bin\syncappw.exe [2012-03-17 19:54]
.
2012-06-14 c:\windows\Tasks\Allway Sync_{45E5C387E307B1C3881AD4D30DB2B796}.job
- c:\program files\Allway Sync\Bin\syncappw.exe [2012-03-17 19:54]
.
2012-06-14 c:\windows\Tasks\Allway Sync_{47D430BC3C7BF20BA4CF6D65DE5E76A6}.job
- c:\program files\Allway Sync\Bin\syncappw.exe [2012-03-17 19:54]
.
2012-06-14 c:\windows\Tasks\Allway Sync_{495C90479FCE17D0BAAA76C781C684B9}.job
- c:\program files\Allway Sync\Bin\syncappw.exe [2012-03-17 19:54]
.
2012-06-14 c:\windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
- c:\program files\Allway Sync\Bin\syncappw.exe [2012-03-17 19:54]
.
2012-04-17 c:\windows\Tasks\Fortus Capital, LLC 1334698711.job
- c:\program files (x86)\Intuit\QuickBooks 2012\AutoBackupEXE.exe [2012-03-14 16:13]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000Core.job
- c:\users\Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 06:15]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000UA.job
- c:\users\Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 06:15]
.
2012-06-10 c:\windows\Tasks\Intel_C_CVCV15340AN7120BGN.job
- c:\program files (x86)\Intel\Intel(R) Solid-State Drive Toolbox\Intel SSD Toolbox.exe [2012-02-19 16:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Dragon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\6qh11z58.default\
FF - prefs.js: browser.startup.homepage - about:home|hxxp://www.netvibes.com/privatepage/1#General
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\trillian\plugins\skypekit.exe
.
**************************************************************************
.
Completion time: 2012-06-15 10:00:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 17:00
.
Pre-Run: 9,600,057,344 bytes free
Post-Run: 11,474,493,440 bytes free
.
- - End Of File - - 5EC0CF6EC2AB9CBF601608BC6EA1546A

dreborn, Jun 15, 2012

#7
Broni Malware Annihilator Posts: 39,324 +175

Looks good.

Any current issues?

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===============================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Broni, Jun 15, 2012

#8
dreborn Newcomer, in training Posts: 28

only issue is that I can't turn on windows firewall but I can at least use my system now!

any idea where I got sirefef/liveplatinum? im usually very careful. first infection in prolly a decade

dreborn, Jun 15, 2012

#9
dreborn Newcomer, in training Posts: 28

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-15 10:15:30
-----------------------------
10:15:30.552 OS Version: Windows x64 6.1.7601 Service Pack 1
10:15:30.552 Number of processors: 8 586 0x2A07
10:15:30.552 ComputerName: DRAGON7 UserName: Dragon
10:15:30.771 Initialize success
10:15:55.933 AVAST engine defs: 12061500
10:16:00.114 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:16:00.114 Disk 0 Vendor: ST3000DM CC9C Size: 2861588MB BusType: 3
10:16:00.114 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
10:16:00.114 Disk 1 Vendor: INTEL_SS 400i Size: 114473MB BusType: 3
10:16:00.114 Disk 1 MBR read successfully
10:16:00.114 Disk 1 MBR scan
10:16:00.114 Disk 1 Windows 7 default MBR code
10:16:00.114 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:16:00.129 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
10:16:00.161 Disk 1 scanning C:\Windows\system32\drivers
10:16:05.153 Service scanning
10:16:14.279 Modules scanning
10:16:14.279 Disk 1 trace - called modules:
10:16:14.294 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:16:14.294 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800f874060]
10:16:14.294 3 CLASSPNP.SYS[fffff88001a5a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800e64e050]
10:16:14.513 AVAST engine scan C:\Windows
10:16:15.246 AVAST engine scan C:\Windows\system32
10:17:36.616 AVAST engine scan C:\Windows\system32\drivers
10:17:40.469 AVAST engine scan C:\Users\Dragon
10:18:25.288 AVAST engine scan C:\ProgramData
10:18:55.739 Scan finished successfully
10:22:01.423 Disk 1 MBR has been saved successfully to "F:\MBR.dat"
10:22:01.454 The log file has been saved successfully to "F:\aswMBR.txt"

dreborn, Jun 15, 2012

#10
Broni Malware Annihilator Posts: 39,324 +175

We'll look into firewall issue.
There is really no way to trace an infection source.

I still need MBAM log.

Broni, Jun 15, 2012

#11
dreborn Newcomer, in training Posts: 28

yep sorry nothing popped up for mbam so didn;t know if you needed it. ill attach

dreborn, Jun 15, 2012

#12
dreborn Newcomer, in training Posts: 28

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dragon :: DRAGON7 [administrator]

Protection: Enabled

6/15/2012 10:13:37 AM
mbam-log-2012-06-15 (10-13-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229597
Time elapsed: 1 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

dreborn, Jun 15, 2012

#13
Broni Malware Annihilator Posts: 39,324 +175
Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Jun 15, 2012

#14
dreborn Newcomer, in training Posts: 28

OTL logfile created on: 6/15/2012 11:05:28 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = E:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 12.41 Gb Available Physical Memory | 77.66% Memory free
16.76 Gb Paging File | 12.95 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): c:\pagefile.sys 800 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 10.55 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
Drive E: | 2794.52 Gb Total Space | 1247.11 Gb Free Space | 44.63% Space Free | Partition Type: NTFS

Computer Name: DRAGON7 | User Name: Dragon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 11:04:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL(1).exe
PRC - [2012/06/06 23:54:31 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dragon\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/11 11:32:05 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Dragon\AppData\Roaming\Spotify\spotify.exe
PRC - [2012/05/11 11:32:01 | 000,932,528 | ---- | M] () -- C:\Users\Dragon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/04/26 00:00:00 | 003,284,992 | ---- | M] () -- c:\Program Files (x86)\Trillian\plugins\skypekit.exe
PRC - [2012/04/26 00:00:00 | 002,379,616 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2012/04/06 13:15:04 | 000,352,768 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\SABnzbd.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/03 22:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/03/14 09:14:52 | 001,175,912 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/03/14 08:19:46 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/02/24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/12/14 20:29:06 | 000,016,776 | ---- | M] (WebEx Communications, Inc.) -- C:\ProgramData\webex\MyWebEx\319\atnthost.exe
PRC - [2011/11/13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/11/13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/11/13 23:27:06 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/10/17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/10/17 16:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/03/16 08:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/11/17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/09/21 18:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/15 09:59:40 | 000,034,166 | ---- | M] () -- C:\jexepackres\JX15DBC\natpmp.dll
MOD - [2012/06/14 23:08:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 11:15:52 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0767c3bc7cd93daf38517843d29ce808\IAStorUtil.ni.dll
MOD - [2012/06/14 11:08:15 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/06 23:54:31 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/11 11:42:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9eed0fcdc582550a65536d1150b49574\IAStorCommon.ni.dll
MOD - [2012/05/11 11:33:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 11:33:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 11:33:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 11:33:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 11:33:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 11:33:14 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/11 11:32:01 | 020,101,120 | ---- | M] () -- C:\Users\Dragon\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012/05/11 11:32:01 | 000,932,528 | ---- | M] () -- C:\Users\Dragon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/04/26 00:00:00 | 003,284,992 | ---- | M] () -- c:\Program Files (x86)\Trillian\plugins\skypekit.exe
MOD - [2012/04/26 00:00:00 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\Trillian\libspeex.dll
MOD - [2012/04/26 00:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll
MOD - [2012/04/26 00:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll
MOD - [2012/04/26 00:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll
MOD - [2012/04/26 00:00:00 | 000,011,264 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\buddy.dll
MOD - [2012/04/26 00:00:00 | 000,007,168 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\talk.dll
MOD - [2012/04/26 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\trillian.dll
MOD - [2012/04/26 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\events.dll
MOD - [2012/04/26 00:00:00 | 000,003,584 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\toolkit.dll
MOD - [2012/04/06 13:15:06 | 000,178,688 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd
MOD - [2012/04/06 13:15:06 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32service.pyd
MOD - [2012/04/06 13:15:06 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32process.pyd
MOD - [2012/04/06 13:15:05 | 000,876,032 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
MOD - [2012/04/06 13:15:05 | 000,426,496 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
MOD - [2012/04/06 13:15:05 | 000,358,912 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
MOD - [2012/04/06 13:15:05 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32gui.pyd
MOD - [2012/04/06 13:15:05 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
MOD - [2012/04/06 13:15:05 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32file.pyd
MOD - [2012/04/06 13:15:05 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\pywintypes27.dll
MOD - [2012/04/06 13:15:05 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32api.pyd
MOD - [2012/04/06 13:15:05 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
MOD - [2012/04/06 13:15:05 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
MOD - [2012/04/06 13:15:05 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
MOD - [2012/04/06 13:15:05 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_socket.pyd
MOD - [2012/04/06 13:15:05 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
MOD - [2012/04/06 13:15:05 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
MOD - [2012/04/06 13:15:05 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
MOD - [2012/04/06 13:15:05 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32event.pyd
MOD - [2012/04/06 13:15:05 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
MOD - [2012/04/06 13:15:05 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\select.pyd
MOD - [2012/04/06 13:15:05 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
MOD - [2012/04/06 13:15:05 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd
MOD - [2012/04/06 13:15:04 | 000,352,768 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\SABnzbd.exe
MOD - [2012/04/03 22:53:58 | 002,894,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2012/03/09 14:00:13 | 000,968,704 | ---- | M] () -- C:\Users\Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\6qh11z58.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/09/21 18:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/02/14 20:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/07 13:03:26 | 000,261,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/03/16 08:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/14 11:53:01 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/06 23:54:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/21 18:52:25 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/05/21 18:52:18 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/14 08:19:46 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/01/25 09:56:30 | 009,690,112 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/12/14 20:29:06 | 000,016,776 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\ProgramData\webex\MyWebEx\319\atnthost.exe -- (atnthost)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/11/13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/11/13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/11/13 22:55:18 | 011,839,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/10/17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/09/26 10:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/09/16 15:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/14 23:11:44 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2012/05/21 18:52:19 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/14 20:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/14 19:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/20 08:00:46 | 000,106,496 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2012/01/20 08:00:46 | 000,034,944 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2011/11/13 23:28:16 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/11/13 23:26:30 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/11/13 21:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/11/13 21:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/10/17 15:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/16 15:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/07/20 10:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/10 14:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 14:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/05/20 16:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/09/16 15:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 96 69 4F BA 4A CD 01 [binary data]
IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home|http://www.netvibes.com/privatepage/1#General"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dragon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dragon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

dreborn, Jun 15, 2012

#15
dreborn Newcomer, in training Posts: 28

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/14 15:06:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 23:54:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/20 11:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dragon\AppData\Roaming\Mozilla\Extensions
[2012/06/14 18:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\6qh11z58.default\extensions
[2012/06/14 18:47:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\6qh11z58.default\extensions\foxmarks@kei.com
[2012/05/20 11:19:47 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\6qh11z58.default\extensions\support@lastpass.com
[2012/05/20 11:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/07 00:02:31 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\DRAGON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QH11Z58.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/05/20 23:58:37 | 000,255,318 | ---- | M] () (No name found) -- C:\USERS\DRAGON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QH11Z58.DEFAULT\EXTENSIONS\SQLITEMANAGER@MRINALKANT.BLOGSPOT.COM.XPI
[2012/06/06 23:54:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dragon\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dragon\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dragon\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dragon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Ratchet & Clank Future 2 = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\
CHR - Extension: LastPass = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.6_0\
CHR - Extension: TouristEye Planner = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg\9_0\
CHR - Extension: Google Maps = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Lazarus: Form Recovery = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.0.5_0\
CHR - Extension: Gmail = C:\Users\Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/15 09:59:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe ()
O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [Spotify] C:\Users\Dragon\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [Spotify Web Helper] C:\Users\Dragon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe ()
O4 - Startup: C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dragon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTemp.exe - Shortcut.lnk = E:\Downloads\RealTemp_370\RealTemp.exe (uWebb Software)
O4 - Startup: C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
O4 - Startup: C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O4 - Startup: C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\volume.ahk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7223F051-FE51-4091-8ADE-35FCC80542A1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 10:23:21 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Local\iSpirit
[2012/06/15 09:59:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/15 09:58:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/15 09:56:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/15 09:56:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/15 09:56:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/15 09:46:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/15 09:46:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/15 09:46:43 | 004,559,180 | R--- | C] (Swearware) -- C:\Users\Dragon\Desktop\ComboFix.exe
[2012/06/15 01:17:25 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/15 00:03:56 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\83023745.sys
[2012/06/14 23:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/14 23:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/14 23:15:25 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/14 23:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/14 22:55:07 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Roaming\Malwarebytes
[2012/06/14 22:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/14 22:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/14 22:55:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/14 22:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/14 22:42:26 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/14 22:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BDA
[2012/06/14 22:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\99058D9B000415CB00038E50B4EB2331
[2012/06/14 21:25:36 | 000,000,000 | R--D | C] -- C:\ESD
[2012/06/14 18:47:52 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Local\Macromedia
[2012/06/06 23:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/06 23:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/03 18:57:16 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/06/03 18:13:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/29 12:36:30 | 000,000,000 | ---D | C] -- C:\Users\Dragon\.shsh
[2012/05/28 16:32:40 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Local\libimobiledevice
[2012/05/20 21:55:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/05/20 11:14:48 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Roaming\Mozilla
[2012/05/20 11:14:48 | 000,000,000 | ---D | C] -- C:\Users\Dragon\AppData\Local\Mozilla
[2012/05/20 11:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/05/19 15:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/19 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III

========== Files - Modified Within 30 Days ==========

[2012/06/15 10:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 10:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000UA.job
[2012/06/15 10:06:38 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 10:06:38 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 09:59:42 | 000,807,886 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/15 09:59:42 | 000,680,378 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/15 09:59:42 | 000,128,476 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/15 09:59:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/15 09:59:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 09:44:30 | 004,559,180 | R--- | M] (Swearware) -- C:\Users\Dragon\Desktop\ComboFix.exe
[2012/06/15 00:03:56 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\83023745.sys
[2012/06/14 23:16:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/14 23:16:17 | 000,821,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/14 23:11:44 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/06/14 23:10:25 | 000,000,808 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/06/14 22:46:38 | 004,997,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 22:05:58 | 000,005,632 | ---- | M] () -- C:\Users\Dragon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/14 06:01:10 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{495C90479FCE17D0BAAA76C781C684B9}.job
[2012/06/14 06:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{43EF9D144C5BCAA06DB442334766A4A1}.job
[2012/06/14 05:00:14 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{45E5C387E307B1C3881AD4D30DB2B796}.job
[2012/06/14 04:00:39 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{47D430BC3C7BF20BA4CF6D65DE5E76A6}.job
[2012/06/14 03:00:18 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
[2012/06/14 02:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000Core.job
[2012/06/10 03:40:12 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Intel_C_CVCV15340AN7120BGN.job
[2012/06/07 00:54:27 | 000,000,971 | ---- | M] () -- C:\Users\Dragon\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/01 15:59:52 | 000,001,049 | ---- | M] () -- C:\Users\Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/29 12:38:28 | 000,001,348 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012/05/24 22:18:51 | 000,007,609 | ---- | M] () -- C:\Users\Dragon\AppData\Local\Resmon.ResmonCfg
[2012/05/21 18:52:19 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/05/21 18:52:18 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/05/21 18:52:18 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

========== Files Created - No Company Name ==========

[2012/06/15 09:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/15 09:56:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/15 09:56:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/15 09:56:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/15 09:56:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/14 23:16:18 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/14 23:11:44 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/06/14 23:10:25 | 000,000,808 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/06/14 11:07:38 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/07 00:54:27 | 000,000,971 | ---- | C] () -- C:\Users\Dragon\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/20 11:14:45 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/08 22:42:26 | 000,000,600 | ---- | C] () -- C:\Users\Dragon\AppData\Roaming\PUTTY.RND
[2012/05/07 19:26:49 | 000,000,600 | ---- | C] () -- C:\Users\Dragon\AppData\Local\PUTTY.RND
[2012/04/20 08:25:49 | 000,005,632 | ---- | C] () -- C:\Users\Dragon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/14 15:05:08 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/03/25 19:30:49 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/03/23 18:22:43 | 000,000,106 | ---- | C] () -- C:\Windows\EP4540.ini
[2012/03/12 15:37:44 | 000,191,824 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/03/12 09:46:58 | 000,007,609 | ---- | C] () -- C:\Users\Dragon\AppData\Local\Resmon.ResmonCfg
[2012/02/29 00:53:25 | 000,004,096 | -H-- | C] () -- C:\Users\Dragon\AppData\Local\keyfile3.drm
[2012/02/21 11:42:03 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/02/21 11:42:03 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9440cn.dat
[2012/02/21 11:42:03 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/02/21 11:41:51 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/02/21 11:41:49 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/02/19 02:57:47 | 000,821,480 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/19 01:40:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/19 01:36:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/19 21:26:28 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
[2011/08/19 21:26:28 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2011/08/19 21:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config

========== LOP Check ==========

[2012/04/08 15:02:45 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\1UPIndustries
[2012/05/03 11:23:40 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/25 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\CrashPlan
[2012/06/15 09:59:46 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Dropbox
[2012/04/30 12:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Epson
[2012/05/11 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\FileZilla
[2012/06/01 08:00:59 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\HandBrake
[2012/03/23 18:32:31 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Leadertech
[2012/05/06 22:03:46 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\MindTerm
[2012/02/19 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Notepad++
[2012/06/15 10:04:41 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Spotify
[2012/04/17 11:38:08 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\SteelSeries
[2012/03/17 00:38:45 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Sync App Settings
[2012/02/19 11:22:37 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\Trillian
[2012/06/07 08:28:32 | 000,000,000 | ---D | M] -- C:\Users\Dragon\AppData\Roaming\uTorrent
[2012/03/27 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Epson
[2012/06/08 15:55:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Notepad++
[2012/03/03 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\SteelSeries
[2012/06/14 06:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\Allway Sync_{43EF9D144C5BCAA06DB442334766A4A1}.job
[2012/06/14 05:00:14 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\Allway Sync_{45E5C387E307B1C3881AD4D30DB2B796}.job
[2012/06/14 04:00:39 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\Allway Sync_{47D430BC3C7BF20BA4CF6D65DE5E76A6}.job
[2012/06/14 06:01:10 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\Allway Sync_{495C90479FCE17D0BAAA76C781C684B9}.job
[2012/06/14 03:00:18 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
[2012/04/17 14:38:46 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\Fortus Capital, LLC 1334698711.job
[2009/07/13 22:08:49 | 000,019,448 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/04/10 11:58:28 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/06/15 10:00:41 | 000,024,476 | ---- | M] () -- C:\ComboFix.txt
[2012/06/15 09:59:27 | 838,860,800 | -HS- | M] () -- C:\pagefile.sys
[2012/06/14 22:52:57 | 000,000,361 | ---- | M] () -- C:\rkill.log
[2012/06/03 18:13:17 | 000,137,352 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_03.06.2012_18.12.55_log.txt
[2012/06/15 00:04:20 | 000,136,012 | ---- | M] () -- C:\TDSSKiller.2.7.39.0_15.06.2012_00.03.56_log.txt
[2012/06/15 09:51:11 | 000,015,342 | ---- | M] () -- C:\test.log

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/03/12 02:17:44 | 000,000,221 | -HS- | M] () -- C:\Users\Dragon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/15 09:44:30 | 004,559,180 | R--- | M] (Swearware) -- C:\Users\Dragon\Desktop\ComboFix.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/15 10:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/14 06:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{43EF9D144C5BCAA06DB442334766A4A1}.job
[2012/06/14 05:00:14 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{45E5C387E307B1C3881AD4D30DB2B796}.job
[2012/06/14 04:00:39 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{47D430BC3C7BF20BA4CF6D65DE5E76A6}.job
[2012/06/14 06:01:10 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{495C90479FCE17D0BAAA76C781C684B9}.job
[2012/06/14 03:00:18 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
[2012/04/17 14:38:46 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Fortus Capital, LLC 1334698711.job
[2012/06/14 02:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000Core.job
[2012/06/15 10:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2229342774-3388454487-1059482264-1000UA.job
[2012/06/10 03:40:12 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Intel_C_CVCV15340AN7120BGN.job
[2012/06/15 09:59:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/13 22:08:49 | 000,019,448 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/19 19:23:06 | 000,000,402 | -HS- | M] () -- C:\Users\Dragon\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< End of report >

dreborn, Jun 15, 2012

#16
dreborn Newcomer, in training Posts: 28

OTL Extras logfile created on: 6/15/2012 11:05:28 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = E:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 12.41 Gb Available Physical Memory | 77.66% Memory free
16.76 Gb Paging File | 12.95 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): c:\pagefile.sys 800 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 10.55 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
Drive E: | 2794.52 Gb Total Space | 1247.11 Gb Free Space | 44.63% Space Free | Partition Type: NTFS

Computer Name: DRAGON7 | User Name: Dragon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B1D3C64-EEBC-4807-93FF-DB71719E77F7}" = Image Resizer for Windows (64 bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel(R) Network Connections 16.5.2.0
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAF63FF7-1DB6-44D4-91C3-E9422166E8F9}" = CrashPlan
"Allway Sync_is1" = Allway Sync version 12.0.8
"AutoHotkey" = AutoHotkey 1.1.06.02
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
"EPSON WP-4540 Series" = EPSON WP-4540 Series Printer Uninstall
"MediaInfo" = MediaInfo 0.7.55
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PROSetDX" = Intel(R) Network Connections 16.5.2.0
"SteelSeries Engine" = SteelSeries Engine

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2556333D-27B8-4CCE-9DC3-A6CC382F3409}" = QuickBooks Premier: Contractor Edition 2012
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26518E9D-031C-4BF9-907E-B2A91AEB9096}" = QuickBooks Remote Access
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{2BFDA78F-39F7-4537-9995-71424CFA88BB}" = LogMeIn
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}" = PCMark 7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}" = Image Resizer for Windows
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Air Video Server" = Air Video Server 2.4.3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.3
"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.1
"HandBrake" = HandBrake 0.9.6
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Intel(R) Solid-State Drive Toolbox" = Intel(R) Solid-State Drive Toolbox
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"Picasa 3" = Picasa 3
"SABnzbd" = SABnzbd 0.7.0Beta2
"StarCraft II" = StarCraft II
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"VMware_Workstation" = VMware Workstation
"WampServer 2_is1" = WampServer 2.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2229342774-3388454487-1059482264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{613C3EA5-1248-4E35-B61A-6D0B31BBC0DB}_is1" = RailsInstaller 2.1.0
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2012 2:29:19 AM | Computer Name = Dragon7 | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: The RPC server is unavailable. .

Error - 6/15/2012 2:31:50 AM | Computer Name = Dragon7 | Source = MSDTC Client 2 | ID = 4104
Description =

Error - 6/15/2012 2:32:13 AM | Computer Name = Dragon7 | Source = Application Error | ID = 1000
Description = Faulting application name: ApplePhotoStreams.exe, version: 7.2.5.1,
time stamp: 0x4f3a19cc Faulting module name: MSVCR80.dll, version: 8.0.50727.6195,
time stamp: 0x4dcddbf3 Exception code: 0xc0000005 Fault offset: 0x0001500a Faulting
process id: 0xd0c Faulting application start time: 0x01cd4ac089e38602 Faulting application
path: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report
Id: d7041b12-b6b3-11e1-a45d-005056c00008

Error - 6/15/2012 2:35:10 AM | Computer Name = Dragon7 | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: The RPC server is unavailable. .

Error - 6/15/2012 2:47:42 AM | Computer Name = Dragon7 | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: The RPC server is unavailable. .

Error - 6/15/2012 12:37:23 PM | Computer Name = Dragon7 | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2012 12:55:27 PM | Computer Name = Dragon7 | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2012 12:56:14 PM | Computer Name = Dragon7 | Source = VSS | ID = 18
Description =

Error - 6/15/2012 12:56:14 PM | Computer Name = Dragon7 | Source = VSS | ID = 8193
Description =

Error - 6/15/2012 1:01:18 PM | Computer Name = Dragon7 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/15/2012 12:59:30 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7000
Description = The Apache2.2 service failed to start due to the following error:
%%2

Error - 6/15/2012 12:59:31 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7000
Description = The mysql service failed to start due to the following error: %%2

Error - 6/15/2012 12:59:31 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 6/15/2012 12:59:34 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7024
Description = The VMware Workstation Server service terminated with service-specific
error %%-1.

Error - 6/15/2012 12:59:36 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
luafv

Error - 6/15/2012 12:59:36 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 6/15/2012 12:59:46 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 6/15/2012 12:59:46 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 6/15/2012 1:00:09 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 6/15/2012 1:00:09 PM | Computer Name = Dragon7 | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

< End of report >

dreborn, Jun 15, 2012

#17
Broni Malware Annihilator Posts: 39,324 +175
OTL logs are clean.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.

Do NOT post JavaRa log.

===========================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.
Broni, Jun 15, 2012

#18
dreborn Newcomer, in training Posts: 28

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
JavaFX 2.1.1
Java(TM) 6 Update 32
Java(TM) 7 Update 5
Out of date Java installed!
Adobe Flash Player 11.3.300.257
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

says out of date java but I upgraded with the link u sent and used the java removal program to get rid of old version

dreborn, Jun 15, 2012

#19
dreborn Newcomer, in training Posts: 28

Farbar Service Scanner Version: 09-06-2012
Ran by Dragon (administrator) on 15-06-2012 at 12:08:42
Running from "E:\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 16:58] - [2012-04-23 22:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

dreborn, Jun 15, 2012

#20

Page 1 of 3

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.