TechSpot

Sirefef / restart in 1 min problem

By john14354yc5
Jun 28, 2012
  1. Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
    Ran by SYSTEM at 28-06-2012 00:16:45
    Running from G:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9650720 2009-12-25] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKU\REALITY\...\Run: [Google Update] "C:\Users\REALITY\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-30] (Google Inc.)
    HKU\REALITY\...\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [x]
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Startup: C:\Users\REALITY\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) ======

    2 Adobe Licensing Console; C:\Windows\SysWow64\msvfd32.exe [818169 2012-01-03] ( )
    2 mi-raysat_3dsmax2010_32; "C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" [86016 2009-03-12] ()
    2 mi-raysat_3dsmax2010_64; "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe" [86016 2009-03-12] ()
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)
    4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [61976 2009-07-22] (Microsoft Corporation)
    4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-12-09] (Intel Corporation)

    ========================== Drivers (Whitelisted) =============

    4 RsFx0103; C:\Windows\System32\Drivers\RsFx0103.sys [311656 2009-03-30] (Microsoft Corporation)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-04] (Duplex Secure Ltd.)
    3 VSPerfDrv100; \??\C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
    3 MSICDSetup; \??\E:\CDriver64.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    0 vmci; C:\Windows\System32\DRIVERS\vmci.sys [x]
    3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-28 00:16 - 2012-06-28 00:16 - 00000000 ____D C:\FRST
    2012-06-27 12:37 - 2012-06-27 12:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.740A459601A8D7BE
    2012-06-27 12:36 - 2012-06-27 12:37 - 00001266 ____A C:\Users\REALITY\Desktop\shutdownstop.exe.lnk
    2012-06-27 12:28 - 2012-06-27 12:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6F38D8FF995730A
    2012-06-27 12:24 - 2012-06-27 12:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26C803E20261B60A
    2012-06-27 12:19 - 2012-06-27 12:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-27 12:18 - 2012-06-27 12:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-27 12:18 - 2012-06-27 12:18 - 12621696 ____A (Microsoft Corporation) C:\Users\REALITY\Downloads\mseinstall.exe
    2012-06-27 12:13 - 2012-06-27 12:13 - 00347424 ____A (Microsoft Corporation) C:\Users\REALITY\Downloads\MicrosoftFixit.wu.LB.80264256829484749.3.1.Run.exe
    2012-06-27 11:40 - 2012-06-27 11:40 - 00677376 ____A C:\Users\REALITY\Downloads\MicrosoftFixit50687(1).msi
    2012-06-27 11:37 - 2012-06-27 11:37 - 00347424 ____A (Microsoft Corporation) C:\Users\REALITY\Downloads\MicrosoftFixit.WindowsFirewall.RNP.80264256125479141.2.1.Run.exe
    2012-06-27 11:32 - 2012-06-27 11:32 - 00677376 ____A C:\Users\REALITY\Downloads\MicrosoftFixit50687.msi
    2012-06-27 11:31 - 2012-06-27 11:31 - 00347424 ____A (Microsoft Corporation) C:\Users\REALITY\Downloads\MicrosoftFixit.wu.Run.exe
    2012-06-27 06:27 - 2012-06-27 11:09 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
    2012-06-26 16:19 - 2012-06-26 16:19 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-26 16:05 - 2012-06-26 16:05 - 00140832 ____A C:\Windows\SysWOW64\Drivers\str.sys
    2012-06-18 13:38 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-18 13:38 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-18 13:38 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-18 13:38 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-18 13:38 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-18 13:38 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-18 13:38 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-18 13:38 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-18 13:38 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-16 10:09 - 2012-06-16 10:09 - 00374632 ____A C:\Windows\Minidump\061612-34975-01.dmp
    2012-06-16 10:09 - 2012-06-16 10:09 - 00000000 ____D C:\Windows\Minidump
    2012-06-15 06:44 - 2012-06-15 06:44 - 00000000 ____D C:\Users\REALITY\AppData\Local\Macromedia
    2012-06-15 06:02 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-15 06:02 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-15 06:02 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-15 06:02 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-15 06:02 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-15 06:02 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-15 06:02 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-15 06:02 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-15 06:02 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-15 06:02 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-15 06:02 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-15 06:02 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-15 06:02 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-15 06:02 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-15 06:02 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-15 06:02 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-15 06:02 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-15 06:02 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-15 06:02 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-15 06:02 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-15 06:02 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-15 06:02 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-15 06:02 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-15 06:02 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-15 06:02 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-15 06:02 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-15 06:02 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-15 06:02 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 09:48 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 09:48 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 09:48 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 09:48 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 09:48 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-06-13 09:48 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 09:48 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 09:48 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 09:48 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-05 12:56 - 2012-06-05 12:56 - 00376800 ____A C:\Users\REALITY\Documents\parking citation.xps
    2012-06-02 11:45 - 2012-06-07 08:14 - 00000499 ____A C:\Users\REALITY\Documents\disadvantages.txt
    2012-06-01 18:46 - 2012-06-01 18:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-06-01 18:46 - 2012-06-01 18:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-06-01 18:33 - 2012-06-27 12:26 - 00000898 ____A C:\Windows\PFRO.log
    2012-05-30 20:37 - 2012-05-30 20:37 - 00002186 ____A C:\Users\REALITY\Desktop\REA's TESTware for CLEP College Composition.lnk
    2012-05-29 16:16 - 2012-05-29 16:16 - 01285500 ____A C:\Users\REALITY\Downloads\student_consent_for_release_of_records_form-2.psd
    2012-05-29 16:08 - 2012-05-29 16:08 - 01347100 ____A C:\Users\REALITY\Downloads\student_consent_for_release_of_records_form-1.psd

    ============ 3 Months Modified Files and Folders =============

    2012-06-28 00:16 - 2012-06-28 00:16 - 00000000 ____D C:\FRST
    2012-06-27 22:49 - 2012-05-27 00:00 - 00001447 ____A C:\Windows\setupact.log
    2012-06-27 22:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-27 22:36 - 2012-04-23 15:26 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-27 22:33 - 2011-11-30 08:18 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139173926-379787292-1441203389-1000UA.job
    2012-06-27 13:23 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-27 13:23 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-27 12:37 - 2012-06-27 12:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.740A459601A8D7BE
    2012-06-27 12:37 - 2012-06-27 12:36 - 00001266 ____A C:\Users\REALITY\Desktop\shutdownstop.exe.lnk
    2012-06-27 12:31 - 2012-04-23 15:26 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-27 12:28 - 2012-06-27 12:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6F38D8FF995730A
    2012-06-27 12:28 - 2011-11-30 07:11 - 01454289 ____A C:\Windows\WindowsUpdate.log
    2012-06-27 12:27 - 2012-01-11 11:44 - 00000000 __SHD C:\Users\REALITY\AppData\Local\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d}
    2012-06-27 12:26 - 2012-06-01 18:33 - 00000898 ____A C:\Windows\PFRO.log
    2012-06-27 12:24 - 2012-06-27 12:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26C803E20261B60A
    2012-06-27 12:19 - 2012-06-27 12:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-27 12:19 - 2012-06-27 12:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-27 12:19 - 2011-12-18 09:41 - 00486096 ____A C:\Windows\System32\perfh011.dat
    2012-06-27 12:19 - 2011-12-18 09:41 - 00147520 ____A C:\Windows\System32\perfc011.dat
    2012-06-27 12:19 - 2011-12-03 17:12 - 02183698 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-27 12:19 - 2011-11-30 13:49 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-27 12:19 - 2011-11-30 08:06 - 00497690 ____A C:\Windows\System32\perfh012.dat
    2012-06-27 12:19 - 2011-11-30 08:06 - 00145808 ____A C:\Windows\System32\perfc012.dat
    2012-06-27 12:18 - 2012-06-27 12:18 - 12621696 ____A (Microsoft Corporation) C:\Users\REALITY\Downloads\mseinstall.exe
    2012-06-27 12:13 - 2012-06-27 12:13 - 00347424 ____A (Microsoft Corporation) C:\Users\REALITY\Downloads\MicrosoftFixit.wu.LB.80264256829484749.3.1.Run.exe
    2012-06-27 12:10 - 2011-12-03 05:57 - 00000000 ____D C:\Users\REALITY\AppData\Roaming\foobar2000
    2012-06-27 12:07 - 2012-04-14 05:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-27 11:47 - 2009-07-13 21:13 - 02142656 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-27 11:40 - 2012-06-27 11:40 - 00677376 ____A C:\Users\REALITY\Downloads\MicrosoftFixit50687(1).msi
    2012-06-27 11:37 - 2012-06-27 11:37 - 00347424 ____A (Microsoft Corporation) C:\Users\REALITY\Downloads\MicrosoftFixit.WindowsFirewall.RNP.80264256125479141.2.1.Run.exe
    2012-06-27 11:32 - 2012-06-27 11:32 - 00677376 ____A C:\Users\REALITY\Downloads\MicrosoftFixit50687.msi
    2012-06-27 11:31 - 2012-06-27 11:31 - 00347424 ____A (Microsoft Corporation) C:\Users\REALITY\Downloads\MicrosoftFixit.wu.Run.exe
    2012-06-27 11:09 - 2012-06-27 06:27 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
    2012-06-27 11:08 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-06-26 16:19 - 2012-06-26 16:19 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-26 16:05 - 2012-06-26 16:05 - 00140832 ____A C:\Windows\SysWOW64\Drivers\str.sys
    2012-06-26 09:48 - 2012-04-24 06:02 - 00001369 ____A C:\Users\REALITY\Documents\list.txt
    2012-06-26 09:46 - 2012-03-27 12:30 - 00001441 ____A C:\Users\REALITY\Documents\stuff2.txt
    2012-06-25 09:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-06-25 06:43 - 2012-04-25 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-24 23:09 - 2012-05-22 21:24 - 00000993 ____A C:\Users\REALITY\Documents\questions for digipen.txt
    2012-06-24 23:09 - 2012-02-04 15:23 - 00005296 ____A C:\Users\REALITY\Documents\hi.txt
    2012-06-24 18:16 - 2011-12-04 07:33 - 00000000 ____D C:\Users\REALITY\AppData\Roaming\uTorrent
    2012-06-24 00:33 - 2011-11-30 08:18 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139173926-379787292-1441203389-1000Core.job
    2012-06-23 15:59 - 2011-12-12 16:43 - 00002868 ____A C:\Users\REALITY\Documents\stuff.txt
    2012-06-23 13:07 - 2012-04-14 05:05 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-23 13:07 - 2011-12-03 16:57 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-17 11:24 - 2011-11-30 11:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-06-16 10:09 - 2012-06-16 10:09 - 00374632 ____A C:\Windows\Minidump\061612-34975-01.dmp
    2012-06-16 10:09 - 2012-06-16 10:09 - 00000000 ____D C:\Windows\Minidump
    2012-06-15 06:44 - 2012-06-15 06:44 - 00000000 ____D C:\Users\REALITY\AppData\Local\Macromedia
    2012-06-15 06:14 - 2009-07-13 20:45 - 00530448 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-15 06:11 - 2012-01-01 23:10 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-15 06:07 - 2011-11-30 07:29 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-11 21:34 - 2011-11-30 08:18 - 00002369 ____A C:\Users\REALITY\Desktop\Google Chrome.lnk
    2012-06-11 16:57 - 2011-12-05 00:21 - 00000000 ____D C:\Users\REALITY\Downloads\tx
    2012-06-11 15:49 - 2011-12-19 22:05 - 00000000 ____D C:\Program Files (x86)\DigiPen
    2012-06-09 18:58 - 2012-05-04 07:53 - 00000777 ____A C:\Users\REALITY\Documents\need for digipen.txt
    2012-06-08 21:17 - 2012-05-23 17:11 - 00010586 ____A C:\Users\REALITY\Documents\digipendatesandcostspaid.xlsx
    2012-06-07 08:14 - 2012-06-02 11:45 - 00000499 ____A C:\Users\REALITY\Documents\disadvantages.txt
    2012-06-05 16:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-06-05 12:56 - 2012-06-05 12:56 - 00376800 ____A C:\Users\REALITY\Documents\parking citation.xps
    2012-06-02 14:19 - 2012-06-18 13:38 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 13:38 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 13:38 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-18 13:38 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 13:38 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 13:38 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-18 13:38 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-18 13:38 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-18 13:38 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 08:27 - 2012-04-23 09:36 - 00000000 ____D C:\Users\All Users\Rosetta Stone
    2012-06-01 19:17 - 2012-02-08 20:40 - 00007614 ____A C:\Users\REALITY\AppData\Local\Resmon.ResmonCfg
    2012-06-01 18:46 - 2012-06-01 18:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-06-01 18:46 - 2012-06-01 18:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-06-01 18:33 - 2011-12-04 07:34 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-05-30 20:37 - 2012-05-30 20:37 - 00002186 ____A C:\Users\REALITY\Desktop\REA's TESTware for CLEP College Composition.lnk
    2012-05-30 20:37 - 2012-05-05 06:38 - 00000000 ____D C:\Program Files (x86)\REA
    2012-05-29 16:16 - 2012-05-29 16:16 - 01285500 ____A C:\Users\REALITY\Downloads\student_consent_for_release_of_records_form-2.psd
    2012-05-29 16:08 - 2012-05-29 16:08 - 01347100 ____A C:\Users\REALITY\Downloads\student_consent_for_release_of_records_form-1.psd
    2012-05-29 15:58 - 2011-12-04 07:32 - 00000000 ____D C:\Program Files\PeerBlock
    2012-05-27 00:00 - 2012-05-27 00:00 - 00000000 ____A C:\Windows\setuperr.log
    2012-05-26 05:30 - 2011-11-30 10:28 - 00000000 ____D C:\Users\REALITY\AppData\Roaming\vlc
    2012-05-25 08:00 - 2011-12-04 09:15 - 00000000 ____D C:\Users\REALITY\AppData\Roaming\DAEMON Tools Lite
    2012-05-24 17:03 - 2012-05-23 14:43 - 00011753 ____A C:\Users\REALITY\Documents\digipen budget.xlsx
    2012-05-22 13:11 - 2012-05-22 13:11 - 00000943 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-05-21 14:25 - 2012-05-21 14:25 - 01213218 ____A C:\Users\REALITY\Documents\psychologytest.xps
    2012-05-17 18:47 - 2012-06-15 06:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-15 06:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-15 06:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-15 06:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-15 06:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-15 06:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-15 06:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-15 06:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-15 06:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-15 06:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-15 06:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-15 06:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-15 06:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-15 06:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-15 06:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-15 06:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-15 06:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-15 06:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-15 06:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-15 06:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-15 06:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-15 06:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-15 06:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-15 06:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-15 06:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-15 06:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-15 06:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-15 06:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 17:32 - 2012-06-13 09:48 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-11 19:42 - 2012-05-11 19:42 - 00000000 ____D C:\Users\All Users\ATI
    2012-05-11 19:42 - 2012-05-11 19:42 - 00000000 ____D C:\Program Files (x86)\AMD AVT
    2012-05-11 19:42 - 2012-03-15 09:36 - 00000000 ____D C:\Users\All Users\AMD
    2012-05-11 19:41 - 2012-05-11 19:41 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-05-11 19:41 - 2011-11-30 09:05 - 00000000 ____D C:\Program Files\ATI Technologies
    2012-05-11 19:12 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-11 17:54 - 2012-05-11 17:54 - 00000678 ____A C:\Users\Public\Desktop\osu!.lnk
    2012-05-11 17:53 - 2012-05-11 17:53 - 00000000 ____D C:\Users\REALITY\AppData\Roaming\Downloaded Installations
    2012-05-11 10:21 - 2012-01-03 08:16 - 00001535 ____A C:\Users\REALITY\Documents\apartments.txt
    2012-05-08 19:45 - 2011-11-30 08:18 - 00160328 ____A C:\Users\REALITY\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-05 21:11 - 2012-01-30 16:42 - 00001372 ____A C:\Users\REALITY\Documents\accountsLOL.txt
    2012-05-05 06:38 - 2012-05-05 06:38 - 00002181 ____A C:\Users\REALITY\Desktop\REA's TESTware for CLEP Introductory Sociology.lnk
    2012-05-04 03:06 - 2012-06-13 09:48 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 09:48 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 09:48 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-02 21:14 - 2011-11-30 09:22 - 00000000 ____D C:\2
    2012-05-02 21:12 - 2012-05-02 21:12 - 00021738 ____A C:\Users\REALITY\Downloads\100.xhtml
    2012-04-27 21:32 - 2012-06-13 09:48 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-04-27 19:55 - 2012-06-13 09:48 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 23:25 - 2012-04-25 23:25 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-04-25 21:41 - 2012-06-13 09:48 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 09:48 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 09:48 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:22 - 2012-04-09 12:20 - 00000736 ____A C:\Users\REALITY\Documents\****.txt
    2012-04-23 15:28 - 2012-04-23 15:28 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-04-23 15:28 - 2012-04-23 15:26 - 00000000 ____D C:\Program Files (x86)\Google
    2012-04-23 15:28 - 2011-11-30 08:18 - 00000000 ____D C:\Users\REALITY\AppData\Local\Google
    2012-04-23 15:26 - 2012-04-23 15:26 - 00739816 ____A (Google Inc.) C:\Users\REALITY\Downloads\GoogleEarthSetup.exe
    2012-04-20 10:15 - 2012-02-06 18:14 - 00000000 ____D C:\Windows\SysWOW64\directx
    2012-04-13 07:31 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-04-10 14:09 - 2012-04-10 13:32 - 00155091 ____A C:\debug.fz10.mes
    2012-04-10 13:58 - 2012-04-10 13:32 - 00000287 ____A C:\debug.fz10.reg
    2012-04-10 13:58 - 2012-04-10 13:30 - 00001632 ____A C:\debug.fz10.log
    2012-04-09 11:43 - 2012-03-03 18:28 - 00000000 ____D C:\Users\All Users\VMware
    2012-04-09 11:41 - 2012-03-05 02:44 - 00000000 ____D C:\Users\REALITY\AppData\Roaming\VMware
    2012-04-09 11:40 - 2012-02-09 16:23 - 00000000 ____D C:\Users\REALITY\AppData\Roaming\Opera
    2012-04-09 11:40 - 2012-02-09 16:23 - 00000000 ____D C:\Users\REALITY\AppData\Local\Opera
    2012-04-09 11:40 - 2011-11-30 08:18 - 00000000 ____D C:\Users\REALITY\AppData\Local\Deployment
    2012-04-09 11:39 - 2012-02-09 16:46 - 00000000 ____D C:\Program Files (x86)\K-Meleon
    2012-04-09 11:38 - 2012-04-02 20:40 - 00000000 ____D C:\Users\All Users\NexonUS
    2012-04-08 19:09 - 2012-04-05 14:56 - 00013275 ____A C:\Users\REALITY\Documents\atlantica.xlsx
    2012-04-05 21:34 - 2012-04-05 21:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-04-05 21:34 - 2012-04-05 21:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-04-05 21:34 - 2012-04-05 21:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-04-05 21:33 - 2012-04-05 21:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-04-05 21:33 - 2012-04-05 21:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-04-05 21:33 - 2012-04-05 21:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-04-05 21:32 - 2012-04-05 21:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
    2012-04-05 18:22 - 2012-04-05 18:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-04-05 18:21 - 2012-02-14 19:18 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-04-05 18:20 - 2012-04-05 18:20 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-04-05 18:16 - 2012-04-05 18:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-04-05 18:16 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-04-05 18:16 - 2012-04-05 18:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-04-05 18:14 - 2012-04-05 18:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-04-05 18:14 - 2012-04-05 18:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-04-05 18:14 - 2012-04-05 18:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-04-05 18:14 - 2012-04-05 18:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-04-05 18:13 - 2012-02-14 19:07 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-04-05 18:00 - 2011-04-20 01:27 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
    2012-04-05 17:54 - 2012-04-05 17:54 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-04-05 17:35 - 2012-04-05 17:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
    2012-04-05 17:34 - 2012-04-05 17:34 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-04-05 17:34 - 2012-04-05 17:34 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-04-05 17:34 - 2012-04-05 17:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-04-05 17:29 - 2012-04-05 17:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
    2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-04-05 17:23 - 2012-04-05 17:23 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-04-05 17:22 - 2012-04-05 17:22 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-04-05 17:21 - 2012-04-05 17:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-04-05 17:11 - 2012-04-05 17:11 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-04-05 17:10 - 2012-04-05 17:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-04-05 17:10 - 2012-04-05 17:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-04-05 17:09 - 2012-04-05 17:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-04-05 17:09 - 2012-04-05 17:09 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-04-05 17:09 - 2012-04-05 17:09 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-04-05 17:09 - 2012-02-14 18:12 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-04-05 17:09 - 2011-04-20 01:21 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-04-02 20:57 - 2012-04-02 20:57 - 00000000 ____D C:\Users\All Users\Nexon
    2012-04-02 19:41 - 2012-04-02 19:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks
    2012-04-01 23:33 - 2012-03-05 02:44 - 00000000 ____D C:\Users\REALITY\AppData\Local\VMware
    2012-04-01 09:43 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp

    ZeroAccess:
    C:\Windows\Installer\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d}
    C:\Windows\Installer\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d}\@
    C:\Windows\Installer\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d}\L
    C:\Windows\Installer\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d}\U
    C:\Windows\Installer\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d}\U\800000cb.@

    ZeroAccess:
    C:\Users\REALITY\AppData\Local\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d}
    C:\Users\REALITY\AppData\Local\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d}\@
    C:\Users\REALITY\AppData\Local\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d}\L
    C:\Users\REALITY\AppData\Local\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-06-27 11:08] - 0328704 ____A (Microsoft Corporation) FCB084FA3DCB7449F3BAA13312A215B4

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 16%
    Total physical RAM: 3959.12 MB
    Available physical RAM: 3320.46 MB
    Total Pagefile: 3957.27 MB
    Available Pagefile: 3307.32 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:139.73 GB) (Free:6.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive f: (e) (Fixed) (Total:931.51 GB) (Free:127.38 GB) NTFS
    4 Drive g: (KINGSTON) (Removable) (Total:0.48 GB) (Free:0.38 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: () (Fixed) (Total:298.09 GB) (Free:38.21 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 139 GB 0 B
    Disk 2 Online 931 GB 0 B
    Disk 3 Online 492 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 298 GB 1024 KB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 298 GB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 139 GB 1024 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 139 GB Healthy

    ======================================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB

    ======================================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F e NTFS Partition 931 GB Healthy

    ======================================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 491 MB 16 KB

    ======================================================================================================

    Disk: 3
    Partition 1
    Type : 0E
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G KINGSTON FAT Removable 491 MB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-17 23:04

    ======================= End Of Log ==========================
     
  2. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 25-06-2012
    Ran by SYSTEM at 2012-06-28 00:18:22
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-06-27 11:08] - 0328704 ____A (Microsoft Corporation) FCB084FA3DCB7449F3BAA13312A215B4

    ====== End Of Search ======
     
  3. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    See if you can start normally.

    If so...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  4. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
    Ran by SYSTEM at 2012-06-28 18:57:15 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\System32\services.exe.740A459601A8D7BE moved successfully.
    C:\Windows\System32\services.exe.F6F38D8FF995730A moved successfully.
    C:\Windows\System32\services.exe.26C803E20261B60A moved successfully.
    C:\Windows\Installer\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d} moved successfully.
    C:\Users\REALITY\AppData\Local\{e1e8d27c-54ff-d1a8-bb9d-6e7743dc063d} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  5. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    ComboFix 12-06-28.03 - REALITY 06/28/2012 19:07:22.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3959.2488 [GMT -7:00]
    Running from: c:\users\REALITY\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.dat
    c:\users\REALITY\AppData\Local\assembly\tmp
    c:\windows\Downloaded Program Files\IDropPTB.dll
    c:\windows\SysWow64\drivers\str.sys
    c:\windows\SysWow64\msvfd32.exe
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Adobe Licensing Console
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-28 08:16 . 2012-06-28 08:17--------d-----w-C:\FRST
    2012-06-27 20:20 . 2012-06-27 20:20927800----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6D271E4-C7BA-43AA-99CE-DF6DCB4EB99C}\gapaengine.dll
    2012-06-27 20:20 . 2012-05-31 04:049013136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13B01809-2A37-4E72-8D90-AC56957ABFA7}\mpengine.dll
    2012-06-27 20:19 . 2012-06-27 20:19--------d-----w-c:\program files (x86)\Microsoft Security Client
    2012-06-27 20:18 . 2012-06-27 20:19--------d-----w-c:\program files\Microsoft Security Client
    2012-06-27 14:27 . 2012-06-27 19:09--------d---a-w-C:\Kaspersky Rescue Disk 10.0
    2012-06-27 00:19 . 2012-06-27 00:19--------d-sh--w-c:\windows\system32\%APPDATA%
    2012-06-18 21:38 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
    2012-06-18 21:38 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
    2012-06-18 21:38 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
    2012-06-18 21:38 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
    2012-06-18 21:38 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
    2012-06-18 21:38 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
    2012-06-18 21:38 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
    2012-06-18 21:38 . 2012-06-02 22:19186752----a-w-c:\windows\system32\wuwebv.dll
    2012-06-18 21:38 . 2012-06-02 22:1536864----a-w-c:\windows\system32\wuapp.exe
    2012-06-17 19:24 . 2012-06-17 19:24770384----a-w-c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-17 19:24 . 2012-06-17 19:24421200----a-w-c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-15 14:44 . 2012-06-15 14:44--------d-----w-c:\users\REALITY\AppData\Local\Macromedia
    2012-06-13 17:48 . 2012-04-26 05:4177312----a-w-c:\windows\system32\rdpwsx.dll
    2012-06-13 17:48 . 2012-04-26 05:41149504----a-w-c:\windows\system32\rdpcorekmts.dll
    2012-06-13 17:48 . 2012-04-26 05:349216----a-w-c:\windows\system32\rdrmemptylst.exe
    2012-06-13 17:48 . 2012-05-04 11:065559664----a-w-c:\windows\system32\ntoskrnl.exe
    2012-06-13 17:48 . 2012-05-04 10:033913072----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 17:48 . 2012-05-04 10:033968368----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 17:48 . 2012-05-15 01:323146752----a-w-c:\windows\system32\win32k.sys
    2012-06-13 17:48 . 2012-04-28 05:321112064----a-w-c:\windows\system32\rdpcorets.dll
    2012-06-13 17:48 . 2012-04-28 03:55210944----a-w-c:\windows\system32\drivers\rdpwd.sys
    2012-06-02 02:46 . 2012-06-02 02:46--------d-----w-c:\program files\Microsoft Silverlight
    2012-06-02 02:46 . 2012-06-02 02:46--------d-----w-c:\program files (x86)\Microsoft Silverlight
    2012-05-31 04:37 . 2012-05-31 04:3740960----a-r-c:\users\REALITY\AppData\Roaming\Microsoft\Installer\{DE6E31A6-C5F1-4CC8-8AD8-F7ABD0E580FE}\NewShortcut11_80F9556751AA44DBBB4BC5012FA4AA4B.exe
    2012-05-31 04:37 . 2012-05-31 04:3740960----a-r-c:\users\REALITY\AppData\Roaming\Microsoft\Installer\{DE6E31A6-C5F1-4CC8-8AD8-F7ABD0E580FE}\NewShortcut1_80F9556751AA44DBBB4BC5012FA4AA4B.exe
    2012-05-31 04:37 . 2012-05-31 04:3740960----a-r-c:\users\REALITY\AppData\Roaming\Microsoft\Installer\{DE6E31A6-C5F1-4CC8-8AD8-F7ABD0E580FE}\ARPPRODUCTICON.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 21:07 . 2012-04-14 13:05426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 21:07 . 2011-12-04 00:5770344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 14:38 . 2012-05-05 14:3840960----a-r-c:\users\REALITY\AppData\Roaming\Microsoft\Installer\{E21541B5-28DE-44BF-8E4A-8CCBC07BBBC2}\NewShortcut11_E21541B528DE44BF8E4A8CCBC07BBBC2.exe
    2012-05-05 14:38 . 2012-05-05 14:3840960----a-r-c:\users\REALITY\AppData\Roaming\Microsoft\Installer\{E21541B5-28DE-44BF-8E4A-8CCBC07BBBC2}\NewShortcut1_E21541B528DE44BF8E4A8CCBC07BBBC2.exe
    2012-05-05 14:38 . 2012-05-05 14:3840960----a-r-c:\users\REALITY\AppData\Roaming\Microsoft\Installer\{E21541B5-28DE-44BF-8E4A-8CCBC07BBBC2}\ARPPRODUCTICON.exe
    2012-04-10 21:58 . 2012-04-10 21:32287----a-w-C:\debug.fz10.reg
    2012-04-06 05:34 . 2012-04-06 05:34187392----a-w-c:\windows\system32\clinfo.exe
    2012-04-06 05:34 . 2012-04-06 05:3474752----a-w-c:\windows\system32\OpenVideo64.dll
    2012-04-06 05:34 . 2012-04-06 05:3464512----a-w-c:\windows\SysWow64\OpenVideo.dll
    2012-04-06 05:33 . 2012-04-06 05:3363488----a-w-c:\windows\system32\OVDecode64.dll
    2012-04-06 05:33 . 2012-04-06 05:3356320----a-w-c:\windows\SysWow64\OVDecode.dll
    2012-04-06 05:33 . 2012-04-06 05:3316457216----a-w-c:\windows\system32\amdocl64.dll
    2012-04-06 05:32 . 2012-04-06 05:3213007872----a-w-c:\windows\SysWow64\amdocl.dll
    2012-04-06 05:22 . 2012-04-06 05:2211174400----a-w-c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:22 . 2012-04-06 02:22159744----a-w-c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2012-02-15 03:18909312----a-w-c:\windows\SysWow64\aticfx32.dll
    2012-04-06 02:20 . 2012-04-06 02:201067520----a-w-c:\windows\system32\aticfx64.dll
    2012-04-06 02:16 . 2012-04-06 02:16442368----a-w-c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16503808----a-w-c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16236544----a-w-c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14120320----a-w-c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:1421504----a-w-c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:1459392----a-w-c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:1443520----a-w-c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2012-02-15 03:076800896----a-w-c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-04-06 02:1026181632----a-w-c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2011-04-20 09:2764000----a-w-c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2012-04-06 01:547479296----a-w-c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:5019753984----a-w-c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:351120768----a-w-c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:341831424----a-w-c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-04-06 01:344731904----a-w-c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2012-04-06 01:346203392----a-w-c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:3051200----a-w-c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:3046080----a-w-c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:3044544----a-w-c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:3044032----a-w-c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:2916090624----a-w-c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:2513764096----a-w-c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-04-06 01:237431680----a-w-c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2012-04-06 01:224795904----a-w-c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2012-04-06 01:11514560----a-w-c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11360448----a-w-c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2012-04-06 01:1117408----a-w-c:\windows\system32\atig6pxx.dll
    2012-04-06 01:11 . 2012-04-06 01:1114848----a-w-c:\windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:1114848----a-w-c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:1141984----a-w-c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:1033280----a-w-c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10343040----a-w-c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2011-04-20 09:2154784----a-w-c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2012-02-15 02:1241984----a-w-c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2012-04-06 01:0944544----a-w-c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2012-04-06 01:0932256----a-w-c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:0953248----a-w-c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:0654784----a-w-c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:0654784----a-w-c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:0653760----a-w-c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:0653760----a-w-c:\windows\SysWow64\amdpcom32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    .
    c:\users\REALITY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-20 1431888]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
    R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-13 86016]
    S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-13 86016]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 21:07]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 23:26]
    .
    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 23:26]
    .
    2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139173926-379787292-1441203389-1000Core.job
    - c:\users\REALITY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 16:18]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139173926-379787292-1441203389-1000UA.job
    - c:\users\REALITY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 16:18]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    "combofix"="c:\combofix\CF12392.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\REALITY\AppData\Roaming\Mozilla\Firefox\Profiles\0s4ozrm7.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Vidalia - c:\program files (x86)\Vidalia Bundle\Vidalia\vidalia.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-28 19:21:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-29 02:21
    .
    Pre-Run: 7,214,530,560 bytes free
    Post-Run: 7,417,905,152 bytes free
    .
    - - End Of File - - B1CE22262C269D72BBAE8093715B6467
     
  6. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    thx for help so far, looking good right now
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Cool :)

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =======================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.29.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    REALITY :: REALITY-PC [administrator]

    6/28/2012 7:37:07 PM
    mbam-log-2012-06-28 (19-37-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211831
    Time elapsed: 3 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  9. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    OTL logfile created on: 6/28/2012 7:45:43 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\REALITY\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.87 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 67.97% Memory free
    7.73 Gb Paging File | 6.26 Gb Available in Paging File | 81.01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.73 Gb Total Space | 6.73 Gb Free Space | 4.81% Space Free | Partition Type: NTFS
    Drive D: | 298.09 Gb Total Space | 38.25 Gb Free Space | 12.83% Space Free | Partition Type: NTFS
    Drive G: | 931.51 Gb Total Space | 128.03 Gb Free Space | 13.74% Space Free | Partition Type: NTFS
    Drive H: | 491.73 Mb Total Space | 391.84 Mb Free Space | 79.69% Space Free | Partition Type: FAT

    Computer Name: REALITY-PC | User Name: REALITY | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/28 19:33:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\REALITY\Desktop\OTL.exe
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/08/23 10:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    PRC - [2009/12/09 01:50:00 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/12/09 01:49:58 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/03/12 18:39:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
    PRC - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/12/20 14:25:32 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/12 18:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)
    SRV - [2012/06/23 14:07:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/17 12:24:39 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/23 10:36:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/09 01:50:00 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/12/09 01:49:58 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/12/04 10:16:39 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2009/09/17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/08/20 09:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4139173926-379787292-1441203389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-4139173926-379787292-1441203389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 46 C7 07 70 29 CD 01 [binary data]
    IE - HKU\S-1-5-21-4139173926-379787292-1441203389-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-4139173926-379787292-1441203389-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-4139173926-379787292-1441203389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\REALITY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\REALITY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 12:24:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/02/09 18:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\REALITY\AppData\Roaming\Mozilla\Extensions
    [2012/06/01 23:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\REALITY\AppData\Roaming\Mozilla\Firefox\Profiles\0s4ozrm7.default\extensions
    [2012/02/09 17:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\REALITY\AppData\Roaming\Mozilla\SeaMonkey\Profiles\skssx9iw.default\extensions
    [2012/03/18 16:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/12/18 08:59:51 | 000,050,631 | ---- | M] () (No name found) -- C:\USERS\REALITY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0S4OZRM7.DEFAULT\EXTENSIONS\{54BB9F3F-07E5-486C-9B39-C7398B99391C}.XPI
    [2012/01/05 16:57:09 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\REALITY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0S4OZRM7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/01/04 14:19:29 | 000,048,077 | ---- | M] () (No name found) -- C:\USERS\REALITY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0S4OZRM7.DEFAULT\EXTENSIONS\STOPWATCH@MERCILLE.ORG.XPI
    [2012/06/17 12:24:40 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/17 12:24:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/17 12:24:38 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\REALITY\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\REALITY\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\REALITY\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\REALITY\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - Extension: YouTube = C:\Users\REALITY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\REALITY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AdBlock = C:\Users\REALITY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
    CHR - Extension: Gmail = C:\Users\REALITY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/28 19:15:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKU\S-1-5-21-4139173926-379787292-1441203389-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4139173926-379787292-1441203389-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4139173926-379787292-1441203389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-4139173926-379787292-1441203389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15B5A626-CEDA-4AF6-90F1-7BF7EA0C1199}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/12/20 14:32:57 | 000,000,000 | ---D | M] - D:\autodesk inventor -- [ NTFS ]
    O32 - AutoRun File - [2010/05/13 13:24:35 | 000,000,000 | R--D | M] - G:\autorun -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/28 19:36:16 | 000,000,000 | ---D | C] -- C:\Users\REALITY\AppData\Roaming\Malwarebytes
    [2012/06/28 19:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/28 19:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/28 19:36:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/28 19:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/28 19:33:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\REALITY\Desktop\OTL.exe
    [2012/06/28 19:21:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/28 19:15:24 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/06/28 19:05:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/28 19:05:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/28 19:05:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/28 19:05:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/28 19:05:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/28 19:01:54 | 004,566,027 | R--- | C] (Swearware) -- C:\Users\REALITY\Desktop\ComboFix.exe
    [2012/06/28 01:16:24 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/27 13:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/27 13:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/27 13:17:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/06/27 07:27:31 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
    [2012/06/26 17:19:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/16 11:09:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/06/15 07:44:34 | 000,000,000 | ---D | C] -- C:\Users\REALITY\AppData\Local\Macromedia
    [2012/06/01 19:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/06/01 19:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/06/01 19:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

    ========== Files - Modified Within 30 Days ==========

    [2012/06/28 19:48:48 | 002,142,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/28 19:48:48 | 000,730,662 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/28 19:48:48 | 000,497,690 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
    [2012/06/28 19:48:48 | 000,486,096 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
    [2012/06/28 19:48:48 | 000,147,520 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
    [2012/06/28 19:48:48 | 000,147,520 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/28 19:48:48 | 000,145,808 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
    [2012/06/28 19:48:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/28 19:48:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/28 19:43:30 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/28 19:42:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/28 19:42:46 | 3113,574,400 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/28 19:33:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\REALITY\Desktop\OTL.exe
    [2012/06/28 19:33:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4139173926-379787292-1441203389-1000UA.job
    [2012/06/28 19:31:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/28 19:15:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/28 19:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/28 19:02:03 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\REALITY\Desktop\ComboFix.exe
    [2012/06/27 13:37:06 | 000,001,266 | ---- | M] () -- C:\Users\REALITY\Desktop\shutdownstop.exe.lnk
    [2012/06/27 13:19:12 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/27 13:19:02 | 002,183,698 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/24 01:33:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4139173926-379787292-1441203389-1000Core.job
    [2012/06/15 07:14:40 | 000,530,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/11 22:34:14 | 000,002,369 | ---- | M] () -- C:\Users\REALITY\Desktop\Google Chrome.lnk
    [2012/06/05 13:56:27 | 000,376,800 | ---- | M] () -- C:\Users\REALITY\Documents\parking citation.xps
    [2012/06/01 20:17:05 | 000,007,614 | ---- | M] () -- C:\Users\REALITY\AppData\Local\Resmon.ResmonCfg
    [2012/05/30 21:37:51 | 000,002,186 | ---- | M] () -- C:\Users\REALITY\Desktop\REA's TESTware for CLEP College Composition.lnk

    ========== Files Created - No Company Name ==========

    [2012/06/28 19:05:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/28 19:05:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/28 19:05:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/28 19:05:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/28 19:05:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/27 13:36:44 | 000,001,266 | ---- | C] () -- C:\Users\REALITY\Desktop\shutdownstop.exe.lnk
    [2012/06/27 13:19:06 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/05 13:56:26 | 000,376,800 | ---- | C] () -- C:\Users\REALITY\Documents\parking citation.xps
    [2012/05/30 21:37:51 | 000,002,186 | ---- | C] () -- C:\Users\REALITY\Desktop\REA's TESTware for CLEP College Composition.lnk
    [2012/05/30 21:37:51 | 000,002,162 | ---- | C] () -- C:\Users\REALITY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REA's TESTware for CLEP College Composition.lnk
    [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/02/20 16:38:29 | 000,000,981 | ---- | C] () -- C:\Windows\eReg.dat
    [2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/02/09 17:10:39 | 000,253,436 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/02/08 21:40:34 | 000,007,614 | ---- | C] () -- C:\Users\REALITY\AppData\Local\Resmon.ResmonCfg
    [2012/02/06 10:17:07 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
    [2011/12/17 12:56:19 | 000,000,132 | ---- | C] () -- C:\Users\REALITY\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/03 18:12:50 | 002,183,698 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/30 08:04:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== LOP Check ==========

    [2009/07/13 22:08:49 | 000,021,680 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2010/11/20 05:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011/11/30 08:01:46 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/06/28 19:21:05 | 000,022,710 | ---- | M] () -- C:\ComboFix.txt
    [2012/04/10 14:58:45 | 000,001,632 | ---- | M] () -- C:\debug.fz10.log
    [2012/04/10 15:09:46 | 000,155,091 | ---- | M] () -- C:\debug.fz10.mes
    [2012/04/10 14:58:47 | 000,000,287 | ---- | M] () -- C:\debug.fz10.reg
    [2012/02/06 10:58:22 | 000,000,010 | ---- | M] () -- C:\error.txt
    [2012/06/28 19:42:46 | 3113,574,400 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/29 12:37:51 | 000,005,141 | ---- | M] () -- C:\mushir_scanlineset2.pat
    [2012/06/28 19:42:53 | 4151,435,264 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/17 12:55:18 | 012,683,524 | ---- | M] () -- C:\planet.psd
    [2011/12/09 17:00:53 | 001,319,579 | ---- | M] () -- C:\sea.psd
    [2011/12/29 12:41:06 | 000,000,403 | ---- | M] () -- C:\Untitled Patterns.pat
    [2011/11/30 08:11:12 | 000,171,136 | RHS- | M] () -- C:\w7ldr

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 16:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/11/30 09:08:38 | 000,000,221 | -HS- | M] () -- C:\Users\REALITY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/28 19:02:03 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\REALITY\Desktop\ComboFix.exe
    [2012/03/03 19:13:18 | 000,510,976 | ---- | M] () -- C:\Users\REALITY\Desktop\MacroRecorderSetup(1).exe
    [2012/06/28 19:33:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\REALITY\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/28 19:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/28 19:43:30 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/28 19:31:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/24 01:33:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4139173926-379787292-1441203389-1000Core.job
    [2012/06/28 19:33:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4139173926-379787292-1441203389-1000UA.job
    [2012/06/28 19:43:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/07/13 22:08:49 | 000,021,680 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/12/01 15:33:15 | 000,000,402 | -HS- | M] () -- C:\Users\REALITY\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >
    [2011/12/20 14:21:25 | 000,038,912 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\Luc.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < End of report >
     
  10. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    OTL Extras logfile created on: 6/28/2012 7:45:43 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\REALITY\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.87 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 67.97% Memory free
    7.73 Gb Paging File | 6.26 Gb Available in Paging File | 81.01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.73 Gb Total Space | 6.73 Gb Free Space | 4.81% Space Free | Partition Type: NTFS
    Drive D: | 298.09 Gb Total Space | 38.25 Gb Free Space | 12.83% Space Free | Partition Type: NTFS
    Drive G: | 931.51 Gb Total Space | 128.03 Gb Free Space | 13.74% Space Free | Partition Type: NTFS
    Drive H: | 491.73 Mb Total Space | 391.84 Mb Free Space | 79.69% Space Free | Partition Type: FAT

    Computer Name: REALITY-PC | User Name: REALITY | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4139173926-379787292-1441203389-1000\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{266597A9-1664-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) English Language Pack
    "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack
    "{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Add-in
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5783F2D7-A028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2012
    "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
    "{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}" = Autodesk 3ds Max 2010 64-bit
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
    "{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B9E591DD-DAAC-0409-B1B8-5667E359170B}" = Autodesk 3ds Max 2010 64-bit Components
    "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
    "{C616FD4F-11F5-11E0-A38F-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
    "{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{CF526A26-1664-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)
    "{D25FF5C1-1664-469A-9794-69309387C193}" = Quick Uninstall Tool for Autodesk Inventor 2012
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{E027C59C-4C47-4BE8-8078-BCD3D2680EC3}" = Eco Materials Adviser (x64)
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit
    "Autodesk Inventor Fusion for Inventor 2012 Add-in" = Autodesk Inventor Fusion for Inventor 2012 Add-in
    "CCleaner" = CCleaner
    "DWG TrueView 2012" = DWG TrueView 2012
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "WinRAR archiver" = WinRAR 4.00 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
    "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
    "{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
    "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
    "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
    "{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
    "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
    "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
    "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
    "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
    "{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
    "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
    "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
    "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
    "{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
    "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
    "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DE6E31A6-C5F1-4CC8-8AD8-F7ABD0E580FE}" = REA's TESTware for CLEP College Composition
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E21541B5-28DE-44BF-8E4A-8CCBC07BBBC2}" = REA's TESTware for the CLEP Sociology
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
    "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "5513-1208-7298-9440" = JDownloader 0.9
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ASIO4ALL" = ASIO4ALL
    "Autodesk Design Review 2012" = Autodesk Design Review 2012
    "Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
    "Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)
    "Avidemux 2.5 (64-bit)" = Avidemux 2.5
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "FL Studio 10" = FL Studio 10
    "foobar2000" = foobar2000 v1.1.10
    "IL Download Manager" = IL Download Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "SMPlayer" = SMPlayer 0.7.0
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4139173926-379787292-1441203389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/27/2012 1:34:24 AM | Computer Name = REALITY-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/27/2012 1:49:27 AM | Computer Name = REALITY-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/27/2012 1:59:46 AM | Computer Name = REALITY-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/27/2012 9:34:28 AM | Computer Name = REALITY-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/27/2012 9:41:46 AM | Computer Name = REALITY-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/27/2012 9:50:02 AM | Computer Name = REALITY-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/27/2012 9:55:24 AM | Computer Name = REALITY-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/27/2012 10:03:31 AM | Computer Name = REALITY-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/27/2012 10:18:32 AM | Computer Name = REALITY-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/27/2012 10:18:55 AM | Computer Name = REALITY-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ System Events ]
    Error - 3/12/2012 9:39:04 PM | Computer Name = REALITY-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
    (Definition 1.121.1391.0).

    Error - 3/15/2012 1:27:50 PM | Computer Name = REALITY-PC | Source = Service Control Manager | ID = 7000
    Description = The Adobe Licensing Console service failed to start due to the following
    error: %%2

    Error - 3/15/2012 1:28:07 PM | Computer Name = REALITY-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.
    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 3/15/2012 1:29:15 PM | Computer Name = REALITY-PC | Source = DCOM | ID = 10016
    Description =

    Error - 3/15/2012 2:40:32 PM | Computer Name = REALITY-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 3/21/2012 4:14:05 AM | Computer Name = REALITY-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 3/24/2012 7:13:04 AM | Computer Name = REALITY-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 3/24/2012 10:12:46 PM | Computer Name = REALITY-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 3/27/2012 10:09:25 PM | Computer Name = REALITY-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 3/28/2012 11:50:51 PM | Computer Name = REALITY-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.


    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    OTL logs are clean.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  12. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    REA's TESTware for the CLEP Sociology
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Flash Player11.3.300.262
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
     
  13. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    Farbar Service Scanner Version: 25-06-2012 01
    Ran by REALITY (administrator) on 28-06-2012 at 21:42:42
    Running from "C:\Users\REALITY\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
     
  14. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    C:\Users\REALITY\Downloads\hdxkidxhdx\YouTubeDownloaderSetup35.exeprobably a variant of Win32/Toolbar.Widgi applicationcleaned by deleting - quarantined
    G:\w\r\c\g\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ].rara variant of Win32/Packed.VMProtect.AAD trojandeleted - quarantined
    G:\w\r\c\g\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\x64.rara variant of Win32/Packed.VMProtect.AAD trojandeleted - quarantined
    G:\w\r\c\g\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\x64\Keygen.exea variant of Win32/Packed.VMProtect.AAD trojancleaned by deleting - quarantined
    G:\w\r\c\g\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA\Windows.7.SP1.ENG.x86-x64.MAFIAA.isomultiple threatsdeleted - quarantined
     
  15. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    hm....ill tell my roomate to stop downloading these softwares, lol (shared pc)
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Hahaha....

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ====================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  17. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: REALITY
    ->Temp folder emptied: 59432 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 100228489 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 882 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9216 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 96.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: REALITY
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: REALITY
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.0 log created on 06292012_084239

    Files\Folders moved on Reboot...
    C:\Users\REALITY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\REALITY\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  18. john14354yc5

    john14354yc5 TS Rookie Topic Starter

    ok downloaded those progs, updated everything, looks good thanks ^_^
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...