Solved Sirefef virus issue

menka

Posts: 38   +0
Hello, my desktop seemed to have caught the sirefef virus, windows security essential is forcing the desktop to restart after one minute even though it claimed to have clean the virus. I go into safemode to try to run Malwarebytes but the desktop shuts down before the scan can finish. I notice this is a common problem from the topic threads but it seems recommended that I make my own thread topic other than copying other users. I am running Windows 7 64-bit home premium if that helps.
 
Okay I downloaded the Farbar recovery tool:

Scan result of Farbar Recovery Scan Tool Version: 23-06-2012
Ran by SYSTEM at 23-06-2012 13:31:42
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12632168 2011-07-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKU\Calice\...\Run: [0i763f66bz] C:\Users\Calice\0i763f66bz.exe [x]
HKU\Calice\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

==================== Services (Whitelisted) ======

2 EventSystem; C:\Windows\SysWow64\es.dll [271360 2009-07-13] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [350952 2010-08-12] (NVIDIA Corporation)
3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]
3 gdrv; \??\C:\Windows\gdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-23 08:58 - 2012-06-23 08:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EE77193F9BCFE96
2012-06-23 08:56 - 2012-06-23 08:56 - 00000328 ____A C:\Windows\PFRO.log
2012-06-23 07:35 - 2012-06-23 07:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE47B7580E4127D0
2012-06-23 07:24 - 2012-06-23 07:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5994B9A783CBAC2F
2012-06-23 07:16 - 2012-06-23 07:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.619C4D112007EE12
2012-06-23 07:13 - 2012-06-23 07:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A63788CF596CCF5
2012-06-23 07:08 - 2012-06-23 07:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5C946D4B2BF6104
2012-06-23 07:05 - 2012-06-23 07:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49D2A407B3219963
2012-06-23 06:47 - 2012-06-23 06:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD71B6D71538D73C
2012-06-23 06:41 - 2012-06-23 06:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0A2B4E64A5EB56A
2012-06-23 06:36 - 2012-06-23 06:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F33C70996493D25B
2012-06-23 06:36 - 2012-06-23 06:36 - 00000000 ____D C:\Users\Calice\AppData\Roaming\Malwarebytes
2012-06-23 06:33 - 2012-06-23 06:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58CAF57F892AF75F
2012-06-23 06:33 - 2012-06-23 06:33 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-23 06:33 - 2012-06-23 06:33 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-23 06:33 - 2012-06-23 06:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-23 06:33 - 2012-04-04 11:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-23 06:31 - 2012-06-23 06:31 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Calice\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-23 06:31 - 2012-06-23 06:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2007D98A6CD6238
2012-06-23 06:28 - 2012-06-23 06:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABBEF8ABF0A3E908
2012-06-23 06:26 - 2012-06-23 06:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29FC24FA8905EC12
2012-06-23 06:23 - 2012-06-23 06:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.103CBED513E3C65D
2012-06-23 06:22 - 2012-06-23 08:59 - 00001568 ____A C:\Windows\setupact.log
2012-06-23 06:22 - 2012-06-23 06:22 - 00000000 ____A C:\Windows\setuperr.log
2012-06-23 06:20 - 2012-06-23 06:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D45CCEF7CB5FEC72
2012-06-23 06:18 - 2012-06-23 06:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.643BBA4CF88C93BC
2012-06-23 06:13 - 2012-06-23 06:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA177F2C14A4843F
2012-06-23 06:09 - 2012-06-23 06:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8735FAF4A73CA8CB
2012-06-23 06:06 - 2012-06-23 06:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC6FB467ADB4FF9C
2012-06-23 06:00 - 2012-06-23 06:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-23 06:00 - 2012-06-23 06:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-23 05:59 - 2012-06-23 05:59 - 12621696 ____A (Microsoft Corporation) C:\Users\Calice\Downloads\mseinstall.exe
2012-06-22 14:48 - 2012-06-22 14:48 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-21 09:15 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 09:15 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 09:15 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 09:15 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 09:15 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 09:15 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 09:15 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 09:15 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 09:15 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 13:53 - 2012-06-20 13:54 - 00000000 ____D C:\Users\Calice\AppData\Local\{F9624A5F-E9A5-4818-A833-33DEB9BA90A6}
2012-06-20 13:53 - 2012-06-20 13:53 - 00000000 ____D C:\Users\Calice\AppData\Local\{1ED868E8-4FB4-413F-8AE7-73D41338ED21}
2012-06-16 11:14 - 2012-06-16 11:19 - 00000000 ____D C:\Users\Calice\AppData\Roaming\NCH Software
2012-06-16 11:14 - 2012-06-16 11:14 - 00521312 ____A (NCH Software) C:\Users\Calice\Downloads\switchsetup.exe
2012-06-16 11:14 - 2012-06-16 11:14 - 00000000 ____D C:\Users\All Users\NCH Software
2012-06-16 11:14 - 2012-06-16 11:14 - 00000000 ____D C:\Program Files (x86)\NCH Software
2012-06-15 18:35 - 2012-06-15 18:40 - 00000000 ____D C:\Users\Calice\AppData\Local\Conduit
2012-06-15 18:35 - 2012-06-15 18:35 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-06-15 18:33 - 2012-06-15 18:33 - 00078512 ____A C:\Users\Calice\Downloads\InstallIMVU_472.0_st_c.exe
2012-06-12 20:26 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 20:26 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 20:26 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-12 20:26 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 20:26 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 20:26 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-12 20:26 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 20:26 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 20:26 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 20:26 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-12 20:26 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 20:26 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 20:26 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 20:26 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 20:26 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 20:26 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 20:26 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-12 20:26 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 20:26 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-12 20:26 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 20:26 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 20:26 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 20:26 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 20:26 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-12 20:26 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 20:26 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 20:26 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 20:26 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 14:14 - 2012-06-12 14:15 - 00000000 ____D C:\Users\Calice\AppData\Local\{02FA11B7-A6B4-4E03-9B22-D26A4597B86D}
2012-06-12 14:14 - 2012-06-12 14:14 - 00000000 ____D C:\Users\Calice\AppData\Local\{534D160A-FEC6-4DCB-B9BD-D8918E279241}
2012-06-12 13:51 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 13:51 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 13:51 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 13:51 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 13:51 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 13:51 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 13:51 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 13:51 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 13:51 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 13:51 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 13:51 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 13:51 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 13:51 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 13:51 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 13:51 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 13:51 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 13:51 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-11 17:24 - 2012-06-11 17:24 - 00000000 ____D C:\Users\Calice\AppData\Local\{6E639B70-DCF1-4026-8059-E2922519EDB0}
2012-06-11 17:24 - 2012-06-11 17:24 - 00000000 ____D C:\Users\Calice\AppData\Local\{38813479-1E4D-4561-BC86-455119DF3FC6}
2012-06-11 16:01 - 2012-06-11 16:01 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2012-06-11 16:01 - 2008-11-11 09:42 - 00033792 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lgx64modem.sys
2012-06-11 16:01 - 2008-11-11 09:42 - 00027136 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lgx64gps.sys
2012-06-11 16:01 - 2008-11-11 09:42 - 00027136 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lgx64diag.sys
2012-06-11 16:01 - 2008-11-11 09:42 - 00017920 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lgx64bus.sys
2012-06-11 16:00 - 2012-06-11 16:00 - 01529080 ____A (LG Electronics ) C:\Users\Calice\Downloads\LGUSBModemDriver_Eng_WHQL_Ver_4.9.4_All.exe
2012-06-10 18:03 - 2012-06-10 18:03 - 00000000 ____D C:\Users\Calice\AppData\Local\{48546F70-1B0B-4D93-B9DE-56FECC9245EA}
2012-06-10 13:45 - 2012-06-10 13:45 - 00000000 ____D C:\Users\All Users\ATI
2012-06-10 13:45 - 2012-06-10 13:45 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-06-10 13:45 - 2012-06-10 13:45 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-06-09 08:51 - 2012-06-09 08:51 - 00000000 ____D C:\Users\Calice\AppData\Local\Macromedia
2012-06-01 11:09 - 2012-06-01 11:09 - 00000000 ____D C:\Users\Calice\AppData\Local\{89318356-0E99-4C8E-9B05-31F38A440C16}
2012-06-01 11:09 - 2012-06-01 11:09 - 00000000 ____D C:\Users\Calice\AppData\Local\{357542D8-B6DA-467B-AE3F-A44F5405331A}
2012-05-31 14:36 - 2012-05-31 14:38 - 00000000 ____D C:\Users\Calice\Documents\Activities
2012-05-31 14:01 - 2012-05-31 14:01 - 00000000 ____D C:\Users\All Users\Sun
2012-05-31 14:01 - 2012-05-31 14:01 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-05-31 14:01 - 2012-04-04 14:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-31 14:01 - 2012-04-04 14:47 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-31 14:01 - 2012-04-04 14:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-31 14:00 - 2012-05-31 14:00 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-31 14:00 - 2012-05-31 14:00 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-31 14:00 - 2012-05-31 14:00 - 00000000 ____D C:\Program Files (x86)\Java
2012-05-30 11:01 - 2012-05-30 11:01 - 03862112 ____A (Piriform Ltd) C:\Users\Calice\Downloads\ccsetup319.exe
2012-05-27 18:20 - 2012-05-27 18:20 - 00012900 ____A C:\Users\Calice\Downloads\BREN.png
2012-05-27 18:16 - 2012-05-27 18:17 - 00000000 ____D C:\Users\Calice\Downloads\glass
2012-05-27 18:13 - 2012-05-27 18:13 - 00259067 ____A C:\Users\Calice\Downloads\glass.zip
2012-05-27 18:07 - 2012-05-27 18:07 - 00011020 ____A C:\Users\Calice\Downloads\BRENTONSLADE5.png
2012-05-27 18:05 - 2012-05-27 18:05 - 00011034 ____A C:\Users\Calice\Downloads\BRENTON4.png
2012-05-27 17:58 - 2012-05-27 17:58 - 00006928 ____A C:\Users\Calice\Downloads\BRENTON SLADE3.png
2012-05-27 17:56 - 2012-05-27 17:56 - 00007084 ____A C:\Users\Calice\Downloads\BRENTONSLADE2.png
2012-05-27 17:55 - 2012-05-27 17:55 - 00007093 ____A C:\Users\Calice\Downloads\BRENTON SLADE.png
2012-05-27 17:05 - 2012-05-27 17:05 - 00000000 ____D C:\Users\Calice\Downloads\pulse_sans
2012-05-27 17:00 - 2012-05-27 17:00 - 00120692 ____A C:\Users\Calice\Downloads\pulse_sans.zip
2012-05-27 16:59 - 2012-05-27 16:59 - 00000000 ____D C:\Users\Calice\Downloads\crackvetica
2012-05-27 16:46 - 2012-05-27 16:46 - 00122660 ____A C:\Users\Calice\Downloads\crackvetica.zip
2012-05-27 16:45 - 2012-05-27 16:45 - 00137123 ____A C:\Users\Calice\Downloads\buy_more.zip
2012-05-27 16:39 - 2012-05-27 16:39 - 00004660 ____A C:\Users\Calice\Downloads\high_volume.zip
2012-05-27 16:39 - 2012-05-27 16:39 - 00000000 ____D C:\Users\Calice\Downloads\high_volume
2012-05-27 16:33 - 2012-05-27 16:33 - 00000000 ____D C:\Users\Calice\Downloads\feedback_loud
2012-05-27 16:32 - 2012-05-27 16:32 - 00063268 ____A C:\Users\Calice\Downloads\feedback_loud.zip
2012-05-27 16:24 - 2012-05-27 16:24 - 00000000 ____D C:\Users\Calice\Downloads\vermin_vibes
2012-05-27 16:21 - 2012-05-27 16:21 - 00049483 ____A C:\Users\Calice\Downloads\vermin_vibes.zip


============ 3 Months Modified Files and Folders =============

2012-06-23 13:31 - 2012-06-23 13:31 - 00000000 ____D C:\FRST
2012-06-23 08:59 - 2012-06-23 06:22 - 00001568 ____A C:\Windows\setupact.log
2012-06-23 08:59 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-23 08:58 - 2012-06-23 08:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EE77193F9BCFE96
2012-06-23 08:56 - 2012-06-23 08:56 - 00000328 ____A C:\Windows\PFRO.log
2012-06-23 08:29 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-23 07:35 - 2012-06-23 07:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE47B7580E4127D0
2012-06-23 07:24 - 2012-06-23 07:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5994B9A783CBAC2F
2012-06-23 07:16 - 2012-06-23 07:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.619C4D112007EE12
2012-06-23 07:13 - 2012-06-23 07:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A63788CF596CCF5
2012-06-23 07:08 - 2012-06-23 07:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5C946D4B2BF6104
2012-06-23 07:05 - 2012-06-23 07:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49D2A407B3219963
2012-06-23 06:47 - 2012-06-23 06:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD71B6D71538D73C
2012-06-23 06:41 - 2012-06-23 06:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0A2B4E64A5EB56A
2012-06-23 06:40 - 2012-04-27 16:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-23 06:36 - 2012-06-23 06:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F33C70996493D25B
2012-06-23 06:36 - 2012-06-23 06:36 - 00000000 ____D C:\Users\Calice\AppData\Roaming\Malwarebytes
2012-06-23 06:33 - 2012-06-23 06:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58CAF57F892AF75F
2012-06-23 06:33 - 2012-06-23 06:33 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-23 06:33 - 2012-06-23 06:33 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-23 06:33 - 2012-06-23 06:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-23 06:31 - 2012-06-23 06:31 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Calice\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-23 06:31 - 2012-06-23 06:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2007D98A6CD6238
2012-06-23 06:28 - 2012-06-23 06:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABBEF8ABF0A3E908
2012-06-23 06:26 - 2012-06-23 06:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29FC24FA8905EC12
2012-06-23 06:23 - 2012-06-23 06:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.103CBED513E3C65D
2012-06-23 06:22 - 2012-06-23 06:22 - 00000000 ____A C:\Windows\setuperr.log
2012-06-23 06:20 - 2012-06-23 06:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D45CCEF7CB5FEC72
2012-06-23 06:18 - 2012-06-23 06:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.643BBA4CF88C93BC
2012-06-23 06:13 - 2012-06-23 06:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA177F2C14A4843F
2012-06-23 06:09 - 2012-06-23 06:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8735FAF4A73CA8CB
2012-06-23 06:06 - 2012-06-23 06:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC6FB467ADB4FF9C
2012-06-23 06:04 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-23 06:04 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-23 06:00 - 2012-06-23 06:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-23 06:00 - 2012-06-23 06:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-23 06:00 - 2012-03-14 20:24 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-23 06:00 - 2012-03-14 20:23 - 00799314 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-23 05:59 - 2012-06-23 05:59 - 12621696 ____A (Microsoft Corporation) C:\Users\Calice\Downloads\mseinstall.exe
2012-06-23 05:54 - 2012-03-14 19:51 - 00000000 ____D C:\users\Calice
2012-06-23 05:43 - 2009-07-13 21:13 - 00783160 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-22 15:39 - 2012-04-27 16:41 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-22 15:39 - 2012-02-03 16:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-22 14:48 - 2012-06-22 14:48 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-22 08:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-20 19:46 - 2012-04-18 16:36 - 00000000 ____D C:\Users\Calice\Tracing
2012-06-20 13:54 - 2012-06-20 13:53 - 00000000 ____D C:\Users\Calice\AppData\Local\{F9624A5F-E9A5-4818-A833-33DEB9BA90A6}
2012-06-20 13:54 - 2012-04-18 16:21 - 00000000 ____D C:\Users\Calice\AppData\Local\Windows Live
2012-06-20 13:53 - 2012-06-20 13:53 - 00000000 ____D C:\Users\Calice\AppData\Local\{1ED868E8-4FB4-413F-8AE7-73D41338ED21}
2012-06-18 02:59 - 2012-05-02 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-17 14:16 - 2012-03-14 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-16 11:19 - 2012-06-16 11:14 - 00000000 ____D C:\Users\Calice\AppData\Roaming\NCH Software
2012-06-16 11:14 - 2012-06-16 11:14 - 00521312 ____A (NCH Software) C:\Users\Calice\Downloads\switchsetup.exe
2012-06-16 11:14 - 2012-06-16 11:14 - 00000000 ____D C:\Users\All Users\NCH Software
2012-06-16 11:14 - 2012-06-16 11:14 - 00000000 ____D C:\Program Files (x86)\NCH Software
2012-06-15 18:40 - 2012-06-15 18:35 - 00000000 ____D C:\Users\Calice\AppData\Local\Conduit
2012-06-15 18:35 - 2012-06-15 18:35 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-06-15 18:33 - 2012-06-15 18:33 - 00078512 ____A C:\Users\Calice\Downloads\InstallIMVU_472.0_st_c.exe
2012-06-14 12:03 - 2012-04-07 17:52 - 00000000 ____D C:\Users\Calice\AppData\Roaming\SoftGrid Client
2012-06-13 13:02 - 2009-07-13 20:45 - 00299160 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 20:30 - 2012-02-06 16:15 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 14:15 - 2012-06-12 14:14 - 00000000 ____D C:\Users\Calice\AppData\Local\{02FA11B7-A6B4-4E03-9B22-D26A4597B86D}
2012-06-12 14:14 - 2012-06-12 14:14 - 00000000 ____D C:\Users\Calice\AppData\Local\{534D160A-FEC6-4DCB-B9BD-D8918E279241}
2012-06-11 17:24 - 2012-06-11 17:24 - 00000000 ____D C:\Users\Calice\AppData\Local\{6E639B70-DCF1-4026-8059-E2922519EDB0}
2012-06-11 17:24 - 2012-06-11 17:24 - 00000000 ____D C:\Users\Calice\AppData\Local\{38813479-1E4D-4561-BC86-455119DF3FC6}
2012-06-11 16:01 - 2012-06-11 16:01 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2012-06-11 16:01 - 2012-02-03 15:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-11 16:00 - 2012-06-11 16:00 - 01529080 ____A (LG Electronics ) C:\Users\Calice\Downloads\LGUSBModemDriver_Eng_WHQL_Ver_4.9.4_All.exe
2012-06-10 18:03 - 2012-06-10 18:03 - 00000000 ____D C:\Users\Calice\AppData\Local\{48546F70-1B0B-4D93-B9DE-56FECC9245EA}
2012-06-10 13:45 - 2012-06-10 13:45 - 00000000 ____D C:\Users\All Users\ATI
2012-06-10 13:45 - 2012-06-10 13:45 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-06-10 13:45 - 2012-06-10 13:45 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-06-10 13:45 - 2012-02-03 16:05 - 00000000 ____D C:\Users\All Users\AMD
2012-06-10 13:45 - 2012-02-03 16:04 - 00000000 ____D C:\Program Files\ATI Technologies
2012-06-09 08:51 - 2012-06-09 08:51 - 00000000 ____D C:\Users\Calice\AppData\Local\Macromedia
2012-06-02 14:19 - 2012-06-21 09:15 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 09:15 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 09:15 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 09:15 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 09:15 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 09:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 09:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 09:15 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 09:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 11:09 - 2012-06-01 11:09 - 00000000 ____D C:\Users\Calice\AppData\Local\{89318356-0E99-4C8E-9B05-31F38A440C16}
2012-06-01 11:09 - 2012-06-01 11:09 - 00000000 ____D C:\Users\Calice\AppData\Local\{357542D8-B6DA-467B-AE3F-A44F5405331A}
2012-05-31 14:38 - 2012-05-31 14:36 - 00000000 ____D C:\Users\Calice\Documents\Activities
2012-05-31 14:01 - 2012-05-31 14:01 - 00000000 ____D C:\Users\All Users\Sun
2012-05-31 14:01 - 2012-05-31 14:01 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-05-31 14:00 - 2012-05-31 14:00 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-31 14:00 - 2012-05-31 14:00 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-31 14:00 - 2012-05-31 14:00 - 00000000 ____D C:\Program Files (x86)\Java
2012-05-30 11:01 - 2012-05-30 11:01 - 03862112 ____A (Piriform Ltd) C:\Users\Calice\Downloads\ccsetup319.exe
2012-05-30 11:01 - 2012-03-14 20:03 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-05-30 11:01 - 2012-03-14 20:03 - 00000000 ____D C:\Program Files\CCleaner
2012-05-28 14:32 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-05-28 08:44 - 2012-03-14 19:51 - 00070832 ____A C:\Users\Calice\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-27 18:20 - 2012-05-27 18:20 - 00012900 ____A C:\Users\Calice\Downloads\BREN.png
2012-05-27 18:17 - 2012-05-27 18:16 - 00000000 ____D C:\Users\Calice\Downloads\glass
2012-05-27 18:16 - 2011-02-22 07:10 - 00535672 ____A C:\Users\Calice\Downloads\Glass.ttf
2012-05-27 18:13 - 2012-05-27 18:13 - 00259067 ____A C:\Users\Calice\Downloads\glass.zip
2012-05-27 18:07 - 2012-05-27 18:07 - 00011020 ____A C:\Users\Calice\Downloads\BRENTONSLADE5.png
2012-05-27 18:05 - 2012-05-27 18:05 - 00011034 ____A C:\Users\Calice\Downloads\BRENTON4.png
2012-05-27 17:58 - 2012-05-27 17:58 - 00006928 ____A C:\Users\Calice\Downloads\BRENTON SLADE3.png
2012-05-27 17:56 - 2012-05-27 17:56 - 00007084 ____A C:\Users\Calice\Downloads\BRENTONSLADE2.png
2012-05-27 17:55 - 2012-05-27 17:55 - 00007093 ____A C:\Users\Calice\Downloads\BRENTON SLADE.png
2012-05-27 17:05 - 2012-05-27 17:05 - 00000000 ____D C:\Users\Calice\Downloads\pulse_sans
2012-05-27 17:00 - 2012-05-27 17:00 - 00120692 ____A C:\Users\Calice\Downloads\pulse_sans.zip
2012-05-27 16:59 - 2012-05-27 16:59 - 00000000 ____D C:\Users\Calice\Downloads\crackvetica
2012-05-27 16:46 - 2012-05-27 16:46 - 00122660 ____A C:\Users\Calice\Downloads\crackvetica.zip
2012-05-27 16:45 - 2012-05-27 16:45 - 00137123 ____A C:\Users\Calice\Downloads\buy_more.zip
2012-05-27 16:39 - 2012-05-27 16:39 - 00004660 ____A C:\Users\Calice\Downloads\high_volume.zip
2012-05-27 16:39 - 2012-05-27 16:39 - 00000000 ____D C:\Users\Calice\Downloads\high_volume
2012-05-27 16:33 - 2012-05-27 16:33 - 00000000 ____D C:\Users\Calice\Downloads\feedback_loud
2012-05-27 16:32 - 2012-05-27 16:32 - 00063268 ____A C:\Users\Calice\Downloads\feedback_loud.zip
2012-05-27 16:24 - 2012-05-27 16:24 - 00000000 ____D C:\Users\Calice\Downloads\vermin_vibes
2012-05-27 16:21 - 2012-05-27 16:21 - 00049483 ____A C:\Users\Calice\Downloads\vermin_vibes.zip
2012-05-17 18:47 - 2012-06-12 20:26 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-12 20:26 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-12 20:26 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-12 20:26 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-12 20:26 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-12 20:26 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-12 20:26 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-12 20:26 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-12 20:26 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-12 20:26 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-12 20:26 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-12 20:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-12 20:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-12 20:26 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-12 20:26 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-12 20:26 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-12 20:26 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-12 20:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-12 20:26 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-12 20:26 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-12 20:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-12 20:26 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-12 20:26 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-12 20:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-12 20:26 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-12 20:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-12 20:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-12 20:26 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-12 13:51 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 09:28 - 2011-11-10 11:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 09:27 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-08 09:54 - 2012-05-08 09:53 - 00000000 ____D C:\Users\Calice\AppData\Local\{482A35E8-0E17-4120-9C80-7D2F7797C9FE}
2012-05-08 09:53 - 2012-05-08 09:53 - 00000000 ____D C:\Users\Calice\AppData\Local\{2F689F1E-8185-4EC9-B636-C88FF88CF823}
2012-05-07 10:54 - 2012-05-07 10:54 - 00000000 ____D C:\Users\Calice\AppData\Local\{E1B2A748-1751-4EFB-BBE1-C897E42526A6}
2012-05-07 10:54 - 2012-05-07 10:54 - 00000000 ____D C:\Users\Calice\AppData\Local\{A272A12D-4C12-450D-99B8-4555DE2ABCFA}
2012-05-06 12:27 - 2012-05-06 12:27 - 00000000 ____D C:\Users\Calice\AppData\Local\{52B96F90-41BF-4324-BE37-220FCDD0F6C9}
2012-05-06 12:27 - 2012-05-06 12:27 - 00000000 ____D C:\Users\Calice\AppData\Local\{172F8348-85D4-4DC1-8A96-7CEE91BC6984}
2012-05-05 11:22 - 2012-05-05 11:22 - 00000000 ____D C:\Users\Calice\AppData\Local\{974DD718-0F27-42B1-89FD-74A189E1BE40}
2012-05-05 11:22 - 2012-05-05 11:22 - 00000000 ____D C:\Users\Calice\AppData\Local\{57F53E18-B877-447F-9713-103B19911B1A}
2012-05-04 03:11 - 2012-05-04 03:11 - 00000000 ____D C:\Users\Calice\AppData\Local\{759C1E8E-9405-436B-A225-5D1F74FD9DEC}
2012-05-04 03:11 - 2012-05-04 03:11 - 00000000 ____D C:\Users\Calice\AppData\Local\{1AD7727C-3BBC-448A-957D-D5E814C1BF8C}
2012-05-04 03:06 - 2012-06-12 13:51 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 13:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 13:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 09:34 - 2012-05-03 09:34 - 00000000 ____D C:\Users\Calice\AppData\Local\{BB1B280A-F3A0-4BBE-A29D-82AF89E0F6B4}
2012-05-03 09:34 - 2012-05-03 09:33 - 00000000 ____D C:\Users\Calice\AppData\Local\{3C546F84-C5FA-4912-8907-D46D99BE6704}
2012-05-02 16:36 - 2012-05-02 16:36 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-02 15:11 - 2009-07-13 21:08 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-02 11:17 - 2012-03-14 20:53 - 00000000 ____D C:\Program Files (x86)\Steam
2012-05-02 10:01 - 2012-05-02 10:01 - 00000000 ____D C:\Users\Calice\AppData\Local\{D073549E-CAF3-48AF-8A7A-4FE1C547814C}
2012-05-02 10:01 - 2012-05-02 10:01 - 00000000 ____D C:\Users\Calice\AppData\Local\{CB42AAB3-D659-489B-B76D-8999506BE53F}
2012-05-01 17:46 - 2012-05-01 17:46 - 00000000 ____D C:\Users\Calice\AppData\Local
 
\{F8AF5B17-FB0B-4836-B1A5-23C7D7CAD3A1}
2012-05-01 09:20 - 2012-05-01 09:20 - 00000000 ____D C:\Users\Calice\AppData\Local\{9A318964-7050-49EF-B3B0-83F1B6F9BC90}
2012-05-01 03:51 - 2012-05-01 03:51 - 00000000 ____D C:\Users\Calice\AppData\Local\{EEBED952-9471-495D-9A99-F00EA641D812}
2012-04-30 21:40 - 2012-06-12 13:51 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 16:55 - 2012-04-30 16:55 - 00000000 ____D C:\Users\Calice\AppData\Local\{210ACFBB-3CCC-4638-BA9A-4F830C3E0B94}
2012-04-30 10:29 - 2012-04-30 10:29 - 00000000 ____D C:\Users\Calice\AppData\Local\{B15703B8-5BB5-48AA-9A04-1E55D55DD275}
2012-04-30 09:13 - 2012-04-30 09:13 - 00000000 ____D C:\Users\Calice\AppData\Local\{599389B4-EF6B-4ABA-A38F-D1C83DC4A4BA}
2012-04-29 12:02 - 2012-04-29 12:02 - 00000000 ____D C:\Users\Calice\AppData\Local\{64B0976C-4401-4F4E-88B9-FB320323BA9E}
2012-04-28 22:01 - 2012-04-28 22:01 - 03654896 ____A (Piriform Ltd) C:\Users\Calice\Downloads\ccsetup318.exe
2012-04-28 13:14 - 2012-04-28 13:14 - 00000000 ____D C:\Users\Calice\AppData\Local\{BDF84AB5-07B1-465A-A80C-ED7D8E02B708}
2012-04-28 08:36 - 2012-04-28 08:36 - 00000000 ____D C:\Users\Calice\AppData\Local\{2A95F7F8-87F0-4393-A545-0949BC30C416}
2012-04-27 19:55 - 2012-06-12 13:51 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 16:41 - 2012-04-27 16:41 - 00000000 ____D C:\Users\Calice\AppData\Local\{581E8F05-D2BF-4EC4-854B-8396EA7210AC}
2012-04-27 07:59 - 2012-04-27 07:59 - 00000000 ____D C:\Users\Calice\AppData\Local\{FB20FEC4-1AAD-421F-BEB2-E9D2D44E19FA}
2012-04-26 08:11 - 2012-04-26 08:11 - 00000000 ____D C:\Users\Calice\AppData\Local\{ECED2D27-D268-4A8D-8E1D-EFD104806CB4}
2012-04-26 08:11 - 2012-04-26 08:11 - 00000000 ____D C:\Users\Calice\AppData\Local\{402230CC-B4D7-44B2-8E77-365FEC576DC3}
2012-04-25 21:41 - 2012-06-12 13:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 13:51 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 13:51 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 07:16 - 2012-04-25 07:16 - 00000000 ____D C:\Users\Calice\AppData\Local\{D189AB87-D8F0-4EE9-8F8E-24148F67763D}
2012-04-25 07:16 - 2012-04-25 07:16 - 00000000 ____D C:\Users\Calice\AppData\Local\{5836653A-1CDD-4835-AD6B-4E691FDC742C}
2012-04-23 21:37 - 2012-06-12 13:51 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 13:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 13:51 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 13:51 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 13:51 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 13:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 07:37 - 2012-04-23 07:37 - 00000000 ____D C:\Users\Calice\AppData\Local\{F83AEA3B-2455-473F-9B10-D16B60CA8FB0}
2012-04-23 07:37 - 2012-04-23 07:37 - 00000000 ____D C:\Users\Calice\AppData\Local\{96C006DC-DB7F-48C1-93C9-29B38B99D165}
2012-04-22 12:39 - 2012-04-22 12:39 - 00000000 ____D C:\Users\Calice\AppData\Local\{AC9C5331-4BC5-463F-8F0D-AB57A82EF9C3}
2012-04-22 12:39 - 2012-04-22 12:39 - 00000000 ____D C:\Users\Calice\AppData\Local\{9BD0977E-A953-4144-819B-E5F48049B76D}
2012-04-21 19:29 - 2012-04-21 19:29 - 00000000 ____D C:\Users\Calice\AppData\Local\{9635E45D-A0EA-407D-924A-EBA818BE66ED}
2012-04-21 19:29 - 2012-04-21 19:28 - 00000000 ____D C:\Users\Calice\AppData\Local\{5F29622D-1693-4CD5-ADDD-E07A6AE6303B}
2012-04-19 22:10 - 2012-04-19 22:10 - 00000000 ____D C:\Users\Calice\AppData\Local\{CDCAC7AB-833A-42CC-9322-2FCEA75BF851}
2012-04-19 22:10 - 2012-04-19 22:10 - 00000000 ____D C:\Users\Calice\AppData\Local\{2AAB7F0A-32DC-40A4-9F2D-B2BF58AD0BAB}
2012-04-19 15:51 - 2012-04-19 15:51 - 00000000 ____D C:\Users\Calice\AppData\Local\{970E3673-0677-4222-B3CE-33B2529B97C7}
2012-04-19 11:21 - 2012-04-19 11:21 - 00000000 ____D C:\Users\Calice\AppData\Local\{DDE8C0F9-9491-4BCE-AFCE-7CF3BCF654B9}
2012-04-19 11:21 - 2012-04-19 11:21 - 00000000 ____D C:\Users\Calice\AppData\Local\{C00B0672-6E6B-484F-A21F-54B1ECBBFC2D}
2012-04-18 16:25 - 2012-04-18 16:25 - 00000000 ____D C:\Windows\en
2012-04-18 16:24 - 2011-11-10 12:00 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-04-18 16:22 - 2011-11-10 12:00 - 00000000 ____D C:\Program Files\Windows Live
2012-04-18 16:20 - 2012-04-18 16:20 - 01287528 ____A (Microsoft Corporation) C:\Users\Calice\Downloads\wlsetup-web.exe
2012-04-09 11:32 - 2012-04-07 20:04 - 00000000 ____D C:\Users\All Users\VirtualizedApplications
2012-04-08 18:48 - 2012-04-07 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-04-08 18:08 - 2012-03-15 18:19 - 00000000 ____D C:\Users\Calice\Documents\Pics
2012-04-07 21:23 - 2012-04-07 21:23 - 03645656 ____A (Piriform Ltd) C:\Users\Calice\Downloads\ccsetup317.exe
2012-04-07 17:52 - 2012-04-07 17:52 - 00000000 ____D C:\Users\Calice\AppData\Local\SoftGrid Client
2012-04-07 17:52 - 2012-04-07 17:52 - 00000000 ____D C:\Program Files\Microsoft Office
2012-04-07 17:52 - 2012-04-07 17:51 - 00000000 ____D C:\Users\Calice\AppData\Roaming\TP
2012-04-07 17:52 - 2011-11-10 12:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-07 17:52 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-07 04:31 - 2012-06-12 13:51 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-12 13:51 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 18:34 - 2012-04-05 18:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 18:34 - 2012-04-05 18:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 18:34 - 2012-04-05 18:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 18:33 - 2012-04-05 18:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-04-05 18:33 - 2012-04-05 18:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 18:33 - 2012-04-05 18:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 18:32 - 2012-04-05 18:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 18:22 - 2012-04-05 18:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 18:21 - 2012-02-14 19:18 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-05 18:20 - 2011-12-05 19:16 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 18:16 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 18:14 - 2012-04-05 18:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 18:13 - 2012-02-14 19:07 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 18:00 - 2011-12-05 18:18 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-05 17:54 - 2011-12-05 18:51 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 17:35 - 2012-04-05 17:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 17:23 - 2012-04-05 17:23 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 17:22 - 2012-04-05 17:22 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-05 17:21 - 2012-04-05 17:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 17:11 - 2012-04-05 17:11 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 17:10 - 2012-04-05 17:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 17:10 - 2012-04-05 17:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-05 17:09 - 2012-02-14 18:12 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 17:09 - 2011-12-05 18:11 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-04 20:41 - 2012-04-04 20:38 - 00000000 ____D C:\Users\Calice\AppData\Local\Microsoft Games
2012-04-04 18:26 - 2012-04-04 18:26 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-04-04 14:47 - 2012-05-31 14:01 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-04-04 14:47 - 2012-05-31 14:01 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-04-04 14:47 - 2012-05-31 14:01 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-04 11:56 - 2012-06-23 06:33 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 03:35 - 2012-05-11 08:00 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-27 20:33 - 2012-03-27 20:33 - 00000000 ____D C:\Program Files\AMD
2012-03-27 20:33 - 2012-03-27 20:33 - 00000000 ____D C:\Program Files (x86)\AMD

ZeroAccess:
C:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}
C:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\@
C:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\L
C:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\n
C:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\U
C:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\U\00000001.@
C:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\U\80000000.@
C:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\U\800000cb.@

ZeroAccess:
C:\Users\Calice\AppData\Local\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}
C:\Users\Calice\AppData\Local\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\@
C:\Users\Calice\AppData\Local\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\L
C:\Users\Calice\AppData\Local\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8190.46 MB
Available physical RAM: 7389.28 MB
Total Pagefile: 8188.66 MB
Available Pagefile: 7382.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:416.99 GB) NTFS
3 Drive f: () (Removable) (Total:0.94 GB) (Free:0.81 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 967 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 967 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 967 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-20 12:51

======================= End Of Log ==========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.
 
Thanks so much for your reply. Hope I did this right.

Farbar Recovery Scan Tool Version: 23-06-2012
Ran by SYSTEM at 2012-06-23 16:05:01
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-06-23 08:29] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

See if you can boot normally.

If so...

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    512 bytes · Views: 3
Ok I added the file like you said and it booted up normally (Thank you so much for that :D) but the log it left was blank did I mess up somewhere? After I ran combo fix it mentioned something about a registry key I was not really sure what it meant...


ComboFix 12-06-23.05 - Calice 06/23/2012 19:31:41.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6634 [GMT -4:00]
Running from: c:\users\Calice\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmpA3CD.tmp
c:\windows\SysWow64\tmpA3CE.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 21:31 . 2012-06-23 21:32 -------- d-----w- C:\FRST
2012-06-23 16:58 . 2012-06-23 16:58 328704 ----a-w- c:\windows\system32\services.exe.1EE77193F9BCFE96
2012-06-23 15:35 . 2012-06-23 15:35 328704 ----a-w- c:\windows\system32\services.exe.CE47B7580E4127D0
2012-06-23 15:24 . 2012-06-23 15:24 328704 ----a-w- c:\windows\system32\services.exe.5994B9A783CBAC2F
2012-06-23 15:16 . 2012-06-23 15:16 328704 ----a-w- c:\windows\system32\services.exe.619C4D112007EE12
2012-06-23 15:13 . 2012-06-23 15:13 328704 ----a-w- c:\windows\system32\services.exe.8A63788CF596CCF5
2012-06-23 15:08 . 2012-06-23 15:08 328704 ----a-w- c:\windows\system32\services.exe.C5C946D4B2BF6104
2012-06-23 15:05 . 2012-06-23 15:05 328704 ----a-w- c:\windows\system32\services.exe.49D2A407B3219963
2012-06-23 14:47 . 2012-06-23 14:47 328704 ----a-w- c:\windows\system32\services.exe.FD71B6D71538D73C
2012-06-23 14:41 . 2012-06-23 14:41 328704 ----a-w- c:\windows\system32\services.exe.A0A2B4E64A5EB56A
2012-06-23 14:36 . 2012-06-23 14:36 328704 ----a-w- c:\windows\system32\services.exe.F33C70996493D25B
2012-06-23 14:36 . 2012-06-23 14:36 -------- d-----w- c:\users\Calice\AppData\Roaming\Malwarebytes
2012-06-23 14:33 . 2012-06-23 14:33 328704 ----a-w- c:\windows\system32\services.exe.58CAF57F892AF75F
2012-06-23 14:33 . 2012-06-23 14:33 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 14:33 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 14:33 . 2012-06-23 14:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-23 14:31 . 2012-06-23 14:31 328704 ----a-w- c:\windows\system32\services.exe.A2007D98A6CD6238
2012-06-23 14:28 . 2012-06-23 14:28 328704 ----a-w- c:\windows\system32\services.exe.ABBEF8ABF0A3E908
2012-06-23 14:26 . 2012-06-23 14:26 328704 ----a-w- c:\windows\system32\services.exe.29FC24FA8905EC12
2012-06-23 14:23 . 2012-06-23 14:23 328704 ----a-w- c:\windows\system32\services.exe.103CBED513E3C65D
2012-06-23 14:20 . 2012-06-23 14:20 328704 ----a-w- c:\windows\system32\services.exe.D45CCEF7CB5FEC72
2012-06-23 14:18 . 2012-06-23 14:18 328704 ----a-w- c:\windows\system32\services.exe.643BBA4CF88C93BC
2012-06-23 14:13 . 2012-06-23 14:13 328704 ----a-w- c:\windows\system32\services.exe.BA177F2C14A4843F
2012-06-23 14:09 . 2012-06-23 14:09 328704 ----a-w- c:\windows\system32\services.exe.8735FAF4A73CA8CB
2012-06-23 14:06 . 2012-06-23 14:06 328704 ----a-w- c:\windows\system32\services.exe.EC6FB467ADB4FF9C
2012-06-23 14:02 . 2012-06-23 14:02 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C830568-2D1D-48EF-943B-340EDA25CE9A}\gapaengine.dll
2012-06-23 14:02 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6FBAD79-DB85-4569-9493-E9832F78C40E}\mpengine.dll
2012-06-23 14:00 . 2012-06-23 14:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-23 14:00 . 2012-06-23 14:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-22 22:48 . 2012-06-22 22:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-21 17:15 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 17:15 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 17:15 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 17:15 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 17:15 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 17:15 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 17:15 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 17:15 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 17:15 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 22:16 . 2012-06-17 22:16 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 22:16 . 2012-06-17 22:16 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-16 19:14 . 2012-06-23 23:34 -------- d-----w- c:\programdata\NCH Software
2012-06-16 19:14 . 2012-06-16 19:14 -------- d-----w- c:\program files (x86)\NCH Software
2012-06-16 19:14 . 2012-06-23 23:34 -------- d-----w- c:\users\Calice\AppData\Roaming\NCH Software
2012-06-16 02:35 . 2012-06-16 02:35 -------- d-----w- c:\program files (x86)\Conduit
2012-06-16 02:35 . 2012-06-16 02:40 -------- d-----w- c:\users\Calice\AppData\Local\Conduit
2012-06-12 00:01 . 2012-06-12 00:01 -------- d-----w- c:\program files (x86)\LG Electronics
2012-06-12 00:01 . 2008-11-11 17:42 33792 ----a-w- c:\windows\system32\drivers\lgx64modem.sys
2012-06-12 00:01 . 2008-11-11 17:42 27136 ----a-w- c:\windows\system32\drivers\lgx64gps.sys
2012-06-12 00:01 . 2008-11-11 17:42 27136 ----a-w- c:\windows\system32\drivers\lgx64diag.sys
2012-06-12 00:01 . 2008-11-11 17:42 17920 ----a-w- c:\windows\system32\drivers\lgx64bus.sys
2012-06-12 00:00 . 2001-09-05 09:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-06-12 00:00 . 2001-09-05 09:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-06-12 00:00 . 2001-09-05 09:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-06-12 00:00 . 2001-09-05 09:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-06-12 00:00 . 2002-07-25 21:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-06-10 21:45 . 2012-06-10 21:45 -------- d-----w- c:\programdata\ATI
2012-06-10 21:45 . 2012-06-10 21:45 -------- d-----w- c:\program files (x86)\AMD AVT
2012-06-10 21:45 . 2012-06-10 21:45 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-09 16:51 . 2012-06-09 16:51 -------- d-----w- c:\users\Calice\AppData\Local\Macromedia
2012-05-31 22:01 . 2012-05-31 22:01 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-31 22:01 . 2012-05-31 22:01 -------- d-----w- c:\program files (x86)\Oracle
2012-05-31 22:01 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-31 22:01 . 2012-04-04 22:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-31 22:00 . 2012-05-31 22:00 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 23:39 . 2012-04-28 00:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-22 23:39 . 2012-02-04 00:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-02-15 03:18 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-12-06 03:16 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-02-15 03:07 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-12-06 02:18 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-12-06 02:51 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-02-15 02:12 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-30 11:35 . 2012-05-11 16:00 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 250056]
R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-15 183560]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 23:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12632168]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?ilc=17
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Calice\AppData\Roaming\Mozilla\Firefox\Profiles\32jjc7vf.default\
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: network.proxy.type - 0
.
 
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-06-23 19:40:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 23:40
.
Pre-Run: 447,607,488,512 bytes free
Post-Run: 447,495,884,800 bytes free
.
- - End Of File - - B66B5312C95BEA19F7158D26E1DC11E5
 
Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- c:\windows\system32\services.exe.CE47B7580E4127D0
- c:\windows\system32\services.exe.1EE77193F9BCFE96
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
 
I am trying to open it and I get a popup window stating "illegal operation attempted on a registry key that has been marked for deletion."
 
That's because you don't read my instructions carefully:
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
 
Sorry about that :D

I rebooted it up and everything is working but I cannot upload the files to virustotal, I can see the files in windows explorer but they will not appear in the upload file menu.
 
I can see the problem. They're too big for that upload.
Don't worry about it.

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\services.exe.EC6FB467ADB4FF9C
c:\windows\system32\services.exe.8735FAF4A73CA8CB
c:\windows\system32\services.exe.BA177F2C14A4843F
 c:\windows\system32\services.exe.643BBA4CF88C93BC
c:\windows\system32\services.exe.D45CCEF7CB5FEC72
c:\windows\system32\services.exe.103CBED513E3C65D
c:\windows\system32\services.exe.29FC24FA8905EC12
c:\windows\system32\services.exe.ABBEF8ABF0A3E908
c:\windows\system32\services.exe.A2007D98A6CD6238
c:\windows\system32\services.exe.58CAF57F892AF75F
c:\windows\system32\services.exe.F33C70996493D25B
c:\windows\system32\services.exe.A0A2B4E64A5EB56A
c:\windows\system32\services.exe.FD71B6D71538D73C
c:\windows\system32\services.exe.49D2A407B3219963
c:\windows\system32\services.exe.C5C946D4B2BF6104
c:\windows\system32\services.exe.8A63788CF596CCF5
c:\windows\system32\services.exe.619C4D112007EE12
c:\windows\system32\services.exe.5994B9A783CBAC2F
c:\windows\system32\services.exe.CE47B7580E4127D0
c:\windows\system32\services.exe.1EE77193F9BCFE96

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-06-23.05 - Calice 06/23/2012 21:55:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6551 [GMT -4:00]
Running from: c:\users\Calice\Downloads\ComboFix.exe
Command switches used :: c:\users\Calice\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\services.exe.103CBED513E3C65D"
"c:\windows\system32\services.exe.1EE77193F9BCFE96"
"c:\windows\system32\services.exe.29FC24FA8905EC12"
"c:\windows\system32\services.exe.49D2A407B3219963"
"c:\windows\system32\services.exe.58CAF57F892AF75F"
"c:\windows\system32\services.exe.5994B9A783CBAC2F"
"c:\windows\system32\services.exe.619C4D112007EE12"
"c:\windows\system32\services.exe.643BBA4CF88C93BC"
"c:\windows\system32\services.exe.8735FAF4A73CA8CB"
"c:\windows\system32\services.exe.8A63788CF596CCF5"
"c:\windows\system32\services.exe.A0A2B4E64A5EB56A"
"c:\windows\system32\services.exe.A2007D98A6CD6238"
"c:\windows\system32\services.exe.ABBEF8ABF0A3E908"
"c:\windows\system32\services.exe.BA177F2C14A4843F"
"c:\windows\system32\services.exe.C5C946D4B2BF6104"
"c:\windows\system32\services.exe.CE47B7580E4127D0"
"c:\windows\system32\services.exe.D45CCEF7CB5FEC72"
"c:\windows\system32\services.exe.EC6FB467ADB4FF9C"
"c:\windows\system32\services.exe.F33C70996493D25B"
"c:\windows\system32\services.exe.FD71B6D71538D73C"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Calice\AppData\Local\Temp\{9A65AD2E-ABFB-4B39-8753-7FD9565ED4D7}\fpb.tmp
c:\windows\system32\services.exe.103CBED513E3C65D
c:\windows\system32\services.exe.1EE77193F9BCFE96
c:\windows\system32\services.exe.29FC24FA8905EC12
c:\windows\system32\services.exe.49D2A407B3219963
c:\windows\system32\services.exe.58CAF57F892AF75F
c:\windows\system32\services.exe.5994B9A783CBAC2F
c:\windows\system32\services.exe.619C4D112007EE12
c:\windows\system32\services.exe.643BBA4CF88C93BC
c:\windows\system32\services.exe.8735FAF4A73CA8CB
c:\windows\system32\services.exe.8A63788CF596CCF5
c:\windows\system32\services.exe.A0A2B4E64A5EB56A
c:\windows\system32\services.exe.A2007D98A6CD6238
c:\windows\system32\services.exe.ABBEF8ABF0A3E908
c:\windows\system32\services.exe.BA177F2C14A4843F
c:\windows\system32\services.exe.C5C946D4B2BF6104
c:\windows\system32\services.exe.CE47B7580E4127D0
c:\windows\system32\services.exe.D45CCEF7CB5FEC72
c:\windows\system32\services.exe.EC6FB467ADB4FF9C
c:\windows\system32\services.exe.F33C70996493D25B
c:\windows\system32\services.exe.FD71B6D71538D73C
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 01:59 . 2012-06-24 01:59 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6FBAD79-DB85-4569-9493-E9832F78C40E}\offreg.dll
2012-06-24 01:59 . 2012-06-24 01:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 21:31 . 2012-06-23 21:32 -------- d-----w- C:\FRST
2012-06-23 14:36 . 2012-06-23 14:36 -------- d-----w- c:\users\Calice\AppData\Roaming\Malwarebytes
2012-06-23 14:33 . 2012-06-23 14:33 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 14:33 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 14:33 . 2012-06-23 14:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-23 14:02 . 2012-06-23 14:02 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C830568-2D1D-48EF-943B-340EDA25CE9A}\gapaengine.dll
2012-06-23 14:02 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6FBAD79-DB85-4569-9493-E9832F78C40E}\mpengine.dll
2012-06-23 14:00 . 2012-06-23 14:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-23 14:00 . 2012-06-23 14:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-22 22:48 . 2012-06-22 22:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-21 17:15 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 17:15 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 17:15 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 17:15 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 17:15 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 17:15 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 17:15 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 17:15 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 17:15 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 22:16 . 2012-06-17 22:16 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 22:16 . 2012-06-17 22:16 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-16 19:14 . 2012-06-23 23:34 -------- d-----w- c:\programdata\NCH Software
2012-06-16 19:14 . 2012-06-16 19:14 -------- d-----w- c:\program files (x86)\NCH Software
2012-06-16 19:14 . 2012-06-23 23:34 -------- d-----w- c:\users\Calice\AppData\Roaming\NCH Software
2012-06-16 02:35 . 2012-06-16 02:35 -------- d-----w- c:\program files (x86)\Conduit
2012-06-16 02:35 . 2012-06-16 02:40 -------- d-----w- c:\users\Calice\AppData\Local\Conduit
2012-06-12 00:01 . 2012-06-12 00:01 -------- d-----w- c:\program files (x86)\LG Electronics
2012-06-12 00:01 . 2008-11-11 17:42 33792 ----a-w- c:\windows\system32\drivers\lgx64modem.sys
2012-06-12 00:01 . 2008-11-11 17:42 27136 ----a-w- c:\windows\system32\drivers\lgx64gps.sys
2012-06-12 00:01 . 2008-11-11 17:42 27136 ----a-w- c:\windows\system32\drivers\lgx64diag.sys
2012-06-12 00:01 . 2008-11-11 17:42 17920 ----a-w- c:\windows\system32\drivers\lgx64bus.sys
2012-06-12 00:00 . 2001-09-05 09:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-06-12 00:00 . 2001-09-05 09:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-06-12 00:00 . 2001-09-05 09:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-06-12 00:00 . 2001-09-05 09:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-06-12 00:00 . 2002-07-25 21:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-06-10 21:45 . 2012-06-10 21:45 -------- d-----w- c:\programdata\ATI
2012-06-10 21:45 . 2012-06-10 21:45 -------- d-----w- c:\program files (x86)\AMD AVT
2012-06-10 21:45 . 2012-06-10 21:45 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-09 16:51 . 2012-06-09 16:51 -------- d-----w- c:\users\Calice\AppData\Local\Macromedia
2012-05-31 22:01 . 2012-05-31 22:01 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-31 22:01 . 2012-05-31 22:01 -------- d-----w- c:\program files (x86)\Oracle
2012-05-31 22:01 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-31 22:01 . 2012-04-04 22:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-31 22:00 . 2012-05-31 22:00 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 23:39 . 2012-04-28 00:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-22 23:39 . 2012-02-04 00:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-02-15 03:18 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-12-06 03:16 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-02-15 03:07 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-12-06 02:18 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-12-06 02:51 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-02-15 02:12 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-30 11:35 . 2012-05-11 16:00 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_23.36.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-24 01:59 . 2012-06-24 01:59 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-23 23:35 . 2012-06-23 23:35 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-06-24 01:34 32366 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-24 01:34 37860 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-16 08:00 . 2012-06-24 00:27 3330 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-15 03:52 . 2012-06-24 01:34 9556 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-876829241-3342464797-2240709727-1002_UserData.bin
- 2012-06-23 23:35 . 2012-06-23 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-24 01:59 . 2012-06-24 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-24 01:59 . 2012-06-24 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-23 23:35 . 2012-06-23 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-23 23:30 664350 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-24 01:37 664350 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-23 23:30 122960 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-24 01:37 122960 c:\windows\system32\perfc009.dat
- 2012-02-04 00:27 . 2012-06-23 23:35 815232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-04 00:27 . 2012-06-24 01:59 815232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-23 23:35 255488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-24 01:59 255488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-15 04:20 . 2012-06-24 01:59 4917330 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-876829241-3342464797-2240709727-1002-4096.dat
- 2012-03-15 04:20 . 2012-06-23 23:35 27343641 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-876829241-3342464797-2240709727-1002-8192.dat
+ 2012-03-15 04:20 . 2012-06-24 01:59 27343641 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-876829241-3342464797-2240709727-1002-8192.dat
 
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 250056]
R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-15 183560]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 23:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12632168]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?ilc=17
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Calice\AppData\Roaming\Mozilla\Firefox\Profiles\32jjc7vf.default\
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-06-23 22:03:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 02:03
ComboFix2.txt 2012-06-23 23:40
.
Pre-Run: 447,404,347,392 bytes free
Post-Run: 447,080,497,152 bytes free
.
- - End Of File - - 84A377482A697B1B8ABCA9F09B42DCA4
 
Good.

Any current issues?

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

====================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Everything is going well so far thank you so much for helping me. :)

Quick question I downloaded malbytes earlier today do I uninstall it and redownload or just use the current version?
 
OTL Text

OTL logfile created on: 6/23/2012 10:27:32 PM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Calice\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.73 Gb Available Physical Memory | 84.16% Memory free
16.00 Gb Paging File | 14.53 Gb Available in Paging File | 90.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 416.34 Gb Free Space | 89.41% Space Free | Partition Type: NTFS

Computer Name: CALICE-PC | User Name: Calice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 22:25:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Calice\Downloads\OTL.exe
PRC - [2012/06/22 18:46:16 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/14 05:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/22 19:39:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/17 18:16:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 13:13:19 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/15 05:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/14 05:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/08 15:42:16 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2010/08/12 16:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/18 13:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64gps.sys -- (UsbGps)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-876829241-3342464797-2240709727-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-876829241-3342464797-2240709727-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
IE - HKU\S-1-5-21-876829241-3342464797-2240709727-1002\..\SearchScopes,DefaultScope = {72A90F3A-30DB-43FF-AFA7-642317F2C2DD}
IE - HKU\S-1-5-21-876829241-3342464797-2240709727-1002\..\SearchScopes\{72A90F3A-30DB-43FF-AFA7-642317F2C2DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKU\S-1-5-21-876829241-3342464797-2240709727-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "https://accounts.google.com/Service...m/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 18:16:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 18:16:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/14 23:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calice\AppData\Roaming\Mozilla\Extensions
[2012/06/16 12:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calice\AppData\Roaming\Mozilla\Firefox\Profiles\32jjc7vf.default\extensions
[2012/03/14 23:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/17 18:16:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/17 18:16:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/17 18:16:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/23 22:00:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-876829241-3342464797-2240709727-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-876829241-3342464797-2240709727-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{737D2B0F-1E9D-46A0-9F95-16C70E2BB9E8}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 22:03:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/23 22:00:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/23 19:31:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/23 19:31:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/23 19:31:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/23 19:30:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/23 19:30:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/23 17:31:37 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/23 10:36:13 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Roaming\Malwarebytes
[2012/06/23 10:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/23 10:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/23 10:33:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/23 10:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/23 10:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/23 10:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/22 18:48:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/20 17:53:50 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Local\{F9624A5F-E9A5-4818-A833-33DEB9BA90A6}
[2012/06/20 17:53:40 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Local\{1ED868E8-4FB4-413F-8AE7-73D41338ED21}
[2012/06/16 15:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/06/16 15:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/06/16 15:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2012/06/16 15:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012/06/16 15:14:21 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Roaming\NCH Software
[2012/06/15 22:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/06/15 22:35:13 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Local\Conduit
[2012/06/12 18:14:14 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Local\{02FA11B7-A6B4-4E03-9B22-D26A4597B86D}
[2012/06/12 18:14:04 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Local\{534D160A-FEC6-4DCB-B9BD-D8918E279241}
[2012/06/11 21:24:44 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Local\{38813479-1E4D-4561-BC86-455119DF3FC6}
[2012/06/11 21:24:33 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Local\{6E639B70-DCF1-4026-8059-E2922519EDB0}
[2012/06/11 20:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2012/06/10 22:03:52 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Local\{48546F70-1B0B-4D93-B9DE-56FECC9245EA}
[2012/06/10 17:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/06/10 17:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/06/10 17:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/06/10 17:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/06/09 12:51:52 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Local\Macromedia
[2012/06/01 15:09:37 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Local\{357542D8-B6DA-467B-AE3F-A44F5405331A}
[2012/06/01 15:09:27 | 000,000,000 | ---D | C] -- C:\Users\Calice\AppData\Local\{89318356-0E99-4C8E-9B05-31F38A440C16}
[2012/05/31 18:36:41 | 000,000,000 | ---D | C] -- C:\Users\Calice\Documents\Activities
[2012/05/31 18:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/31 18:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/31 18:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/05/31 18:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/23 22:12:57 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 22:12:57 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 22:09:57 | 000,783,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/23 22:09:57 | 000,664,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/23 22:09:57 | 000,122,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/23 22:05:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 22:05:33 | 2146,275,327 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/23 22:00:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/23 21:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/23 10:33:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/23 10:00:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/23 10:00:19 | 000,799,314 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/13 17:02:25 | 000,299,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/30 15:01:49 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/23 19:31:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/23 19:31:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/23 19:31:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/23 19:31:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/23 19:31:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/23 10:33:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/23 10:00:21 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/16 15:14:43 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2012/06/16 15:14:25 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2012/03/15 00:23:55 | 000,799,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/03 20:06:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/03 19:52:29 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/03/15 14:38:40 | 000,000,000 | ---D | M] -- C:\Users\Calice\AppData\Roaming\Blender Foundation
[2012/06/14 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Calice\AppData\Roaming\SoftGrid Client
[2012/04/07 21:52:52 | 000,000,000 | ---D | M] -- C:\Users\Calice\AppData\Roaming\TP
[2012/06/23 21:59:48 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/23 22:03:03 | 000,025,803 | ---- | M] () -- C:\ComboFix.txt
[2012/02/03 19:56:37 | 000,000,086 | ---- | M] () -- C:\CSB.LOG
[2012/06/23 22:05:33 | 2146,275,327 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 19:53:57 | 000,000,086 | ---- | M] () -- C:\Install.log
[2012/06/23 22:05:35 | 4293,357,567 | -HS- | M] () -- C:\pagefile.sys
[2012/02/03 19:54:54 | 000,002,213 | ---- | M] () -- C:\RHDSetup.log
[2010/03/19 19:55:52 | 002,073,703 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.CAB
[2010/03/19 19:58:20 | 000,551,424 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/03/14 23:51:52 | 000,000,221 | -HS- | M] () -- C:\Users\Calice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/23 21:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/23 22:05:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/23 21:59:48 | 000,032,560 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/03/15 03:09:36 | 000,000,402 | -HS- | M] () -- C:\Users\Calice\Favorites\desktop.ini
[2012/06/16 15:14:44 | 000,000,276 | ---- | M] () -- C:\Users\Calice\Favorites\NCH Software Download Site.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< >
< End of report >
 
OTL Extras

OTL Extras logfile created on: 6/23/2012 10:27:32 PM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Calice\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.73 Gb Available Physical Memory | 84.16% Memory free
16.00 Gb Paging File | 14.53 Gb Available in Paging File | 90.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 416.34 Gb Free Space | 89.41% Space Free | Partition Type: NTFS

Computer Name: CALICE-PC | User Name: Calice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-876829241-3342464797-2240709727-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0F7861E5-3B24-33CA-AECF-B5477194CEEB}" = Windows Phone Emulator x64 - ENU
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Blender" = Blender
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone 7 Developer Resources
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0839DB3-FBB8-4D14-936F-1D457A088224}" = Bing Bar
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"Steam App 31270" = Puzzle Agent
"Steam App 70400" = Recettear: An Item Shop's Tale
"Switch" = Switch Sound File Converter
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2012 8:42:05 PM | Computer Name = Calice-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 6/19/2012 8:42:05 PM | Computer Name = Calice-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 6/19/2012 8:42:05 PM | Computer Name = Calice-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 6/19/2012 8:42:05 PM | Computer Name = Calice-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 6/19/2012 8:42:05 PM | Computer Name = Calice-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 6/19/2012 8:42:05 PM | Computer Name = Calice-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 6/19/2012 8:42:05 PM | Computer Name = Calice-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 6/19/2012 8:42:05 PM | Computer Name = Calice-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 6/19/2012 8:42:05 PM | Computer Name = Calice-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 6/19/2012 8:43:41 PM | Computer Name = Calice-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/23/2012 10:32:53 AM | Computer Name = Calice-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:31:14 AM on ?6/?23/?2012 was unexpected.

Error - 6/23/2012 10:32:57 AM | Computer Name = Calice-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 6/23/2012 10:32:57 AM | Computer Name = Calice-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 6/23/2012 10:32:57 AM | Computer Name = Calice-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 6/23/2012 10:32:57 AM | Computer Name = Calice-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 6/23/2012 10:32:59 AM | Computer Name = Calice-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 6/23/2012 10:33:08 AM | Computer Name = Calice-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 6/23/2012 10:33:08 AM | Computer Name = Calice-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 6/23/2012 10:33:52 AM | Computer Name = Calice-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285
Name:
Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:564
Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM
Process
Name: C:\Windows\system32\services.exe Action: %%809 Action Status: No additional
actions required Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.129.349.0, AS: 1.129.349.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0,
NIS: 2.0.8001.0

Error - 6/23/2012 10:35:29 AM | Computer Name = Calice-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:33:48 AM on ?6/?23/?2012 was unexpected.


< End of report >
 
Malwarebytes

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.23.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Calice :: CALICE-PC [administrator]
6/23/2012 10:44:31 PM
mbam-log-2012-06-23 (22-44-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205854
Time elapsed: 1 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
OTL logs are clean.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Security Check

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

JavaFX 2.1.0
Java(TM) 7 Update 4
Out of date Java installed!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
 
FSS

Farbar Service Scanner Version: 23-06-2012
Ran by Calice (administrator) on 23-06-2012 at 23:03:58
Running from "C:\Users\Calice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TG1B6WX"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Okay ESET report

C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
C:\FRST\Quarantine\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\U\00000001.@ Win64/Sirefef.AI trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
 
Back