TechSpot

Sirefef.Y and .B 60sec Restart- Issues obviously...

By StratAtk01
Jun 26, 2012
  1. WSE has been acting weird for the past 2 weeks, so last night I uninstalled/re-installed it and I got the 60 sec shutdown message like an hour later. It restarted and WSE found:
    Trojan: Win64/Sirefef.Y
    Virus: Win64/Sirefef.B
    I've got the Malwarebytes, GMER, and DDS programs on my infected PC via external card reader.
    I tried to run the Malwarebytes program in Safe Mode, since I can't even open it in time on Normal Startup. It got through the entire scan, found 7 problems, had them removed, and Malwarebytes wanted a restart. I hit OK, returned to Safe Mode, and there are no log files...

    What should I do, or should I do something different?
    Thanks!!!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    What Windows version is it?
     
  3. StratAtk01

    StratAtk01 TS Rookie Topic Starter

    Oops Sorry, Windows Vista Home 64bit
     
  4. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language setting, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language setting, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • Notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
     
  5. StratAtk01

    StratAtk01 TS Rookie Topic Starter

    Results of FRST.txt scan:

    Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
    Ran by SYSTEM at 26-06-2012 21:26:41
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
    HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2009-09-09] (CyberLink Corp.)
    HKLM-x32\...\Run: [hpqSRMon] [x]
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [x]
    HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
    HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [x]
    HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKU\c0dem4n\...\Run: [Google Update] "C:\Users\c0dem4n\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-09-18] (Google Inc.)
    HKU\c0dem4n\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\Default\...\Run: [HPADVISOR] [x]
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\Default User\...\Run: [HPADVISOR] [x]
    HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [HPADVISOR] [x]
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [462408 2012-04-04] (Malwarebytes Corporation)
    Tcpip\Parameters: [DhcpNameServer] 65.126.99.146 204.248.112.2
    ==================== Services (Whitelisted) ======
    2 ehstart; C:\Windows\ehome\ehstart.dll [15360 2006-11-02] (Microsoft Corporation)
    3 GameConsoleService; "C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe" [242424 2009-02-24] (WildTangent, Inc.)
    2 HPBtnSrv; C:\hp\HPEZBTN\HPBtnSrv.exe [198240 2007-05-29] ()
    2 LVPrcS64; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [191000 2009-10-06] (Logitech Inc.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [430136 2011-08-24] (Sony Corporation)
    2 Themes; C:\Windows\SysWow64\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation)
    ========================== Drivers (Whitelisted) =============
    3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
    3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    4 nvrd64; C:\Windows\System32\Drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)
    3 Ps2; C:\Windows\System32\Drivers\Ps2.sys [21504 2006-09-07] ()
    3 Razerlow; C:\Windows\System32\Drivers\Razerlow.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
    3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [x]
    3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    2 MCSTRM; [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-06-26 21:26 - 2012-06-26 21:26 - 00000000 ____D C:\FRST
    2012-06-26 16:52 - 2012-06-26 16:52 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B984919B88A22BAA
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000910 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000000 ____D C:\Users\c0dem4n\Application Data\Malwarebytes
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000000 ____D C:\Users\c0dem4n\AppData\Roaming\Malwarebytes
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-25 18:23 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-25 18:11 - 2012-06-25 17:53 - 00607260 ____A (Swearware) C:\Users\c0dem4n\Desktop\dds.scr
    2012-06-25 18:11 - 2012-06-25 17:52 - 00302592 ____A C:\Users\c0dem4n\Desktop\o0jz4i06.exe
    2012-06-25 18:11 - 2012-06-25 17:48 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\c0dem4n\Desktop\mbam-setup-1.61.0.1400.exe
    2012-06-24 21:44 - 2012-06-24 21:44 - 00000448 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
    2012-06-24 21:44 - 2012-06-24 21:44 - 00000000 ____D C:\Users\c0dem4n\Application Data\DriverCure
    2012-06-24 21:44 - 2012-06-24 21:44 - 00000000 ____D C:\Users\c0dem4n\AppData\Roaming\DriverCure
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000992 ____A C:\Users\c0dem4n\Desktop\SpeedyPC Pro.lnk
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000468 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000424 ____A C:\Windows\Tasks\SpeedyPC Pro.job
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000000 ____D C:\Users\c0dem4n\Application Data\SpeedyPC Software
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000000 ____D C:\Users\c0dem4n\AppData\Roaming\SpeedyPC Software
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
    2012-06-24 21:24 - 2012-06-24 21:24 - 00000000 __SHD C:\found.000
    2012-06-24 19:39 - 2012-06-24 19:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-24 19:39 - 2012-06-24 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-24 19:37 - 2012-06-24 19:38 - 12621696 ____A (Microsoft Corporation) C:\Users\c0dem4n\Downloads\mseinstall (1).exe
    2012-06-23 20:16 - 2012-06-23 20:23 - 00000000 ____D C:\Users\c0dem4n\Desktop\Melissa
    2012-06-23 20:14 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-23 20:14 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-23 20:14 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-23 20:14 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-23 20:14 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-23 20:14 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-23 20:14 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-23 20:14 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-23 20:14 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-23 20:14 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-23 20:14 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-23 20:14 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-23 20:14 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-23 20:14 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-06-22 12:59 - 2012-06-22 12:59 - 00000000 ____D C:\Users\All Users\WindowsSearch
    2012-06-22 12:59 - 2012-06-22 12:59 - 00000000 ____D C:\Users\All Users\Application Data\WindowsSearch
    2012-06-21 20:18 - 2012-06-21 20:18 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-12 18:58 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-12 18:58 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-12 18:58 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-12 18:58 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-12 18:58 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-12 18:58 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-12 18:58 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-12 18:58 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-12 18:58 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-12 18:58 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-12 18:58 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-12 18:58 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-12 18:58 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-12 18:58 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-12 18:58 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-12 18:58 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-12 18:58 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-12 18:58 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-12 18:58 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-12 18:58 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-12 18:58 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-12 18:58 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-12 18:58 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-12 18:58 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-12 18:58 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-12 18:57 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-12 18:57 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-12 18:57 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-12 13:37 - 2012-05-01 06:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-12 13:32 - 2012-05-15 12:15 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 13:30 - 2012-04-23 08:25 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-12 13:30 - 2012-04-23 08:25 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-12 13:30 - 2012-04-23 08:25 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-12 13:30 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-12 13:30 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-12 13:30 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    ============ 3 Months Modified Files and Folders =============
    2012-06-26 21:26 - 2012-06-26 21:26 - 00000000 ____D C:\FRST
    2012-06-26 17:17 - 2009-09-23 19:46 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-06-26 17:16 - 2011-03-19 17:35 - 00000348 ____A C:\Windows\Tasks\RegistryBooster.job
    2012-06-26 17:16 - 2008-08-21 01:22 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-06-26 17:16 - 2008-08-21 01:22 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA
    2012-06-26 17:16 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-26 17:16 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 17:16 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 16:52 - 2012-06-26 16:52 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B984919B88A22BAA
    2012-06-25 18:58 - 2008-01-20 19:26 - 00256454 ____A C:\Windows\PFRO.log
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000910 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000000 ____D C:\Users\c0dem4n\Application Data\Malwarebytes
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000000 ____D C:\Users\c0dem4n\AppData\Roaming\Malwarebytes
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-06-25 18:23 - 2012-06-25 18:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-25 17:53 - 2012-06-25 18:11 - 00607260 ____A (Swearware) C:\Users\c0dem4n\Desktop\dds.scr
    2012-06-25 17:52 - 2012-06-25 18:11 - 00302592 ____A C:\Users\c0dem4n\Desktop\o0jz4i06.exe
    2012-06-25 17:48 - 2012-06-25 18:11 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\c0dem4n\Desktop\mbam-setup-1.61.0.1400.exe
    2012-06-24 21:44 - 2012-06-24 21:44 - 00000448 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
    2012-06-24 21:44 - 2012-06-24 21:44 - 00000000 ____D C:\Users\c0dem4n\Application Data\DriverCure
    2012-06-24 21:44 - 2012-06-24 21:44 - 00000000 ____D C:\Users\c0dem4n\AppData\Roaming\DriverCure
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000992 ____A C:\Users\c0dem4n\Desktop\SpeedyPC Pro.lnk
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000468 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000424 ____A C:\Windows\Tasks\SpeedyPC Pro.job
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000000 ____D C:\Users\c0dem4n\Application Data\SpeedyPC Software
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000000 ____D C:\Users\c0dem4n\AppData\Roaming\SpeedyPC Software
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software
    2012-06-24 21:43 - 2012-06-24 21:43 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
    2012-06-24 21:28 - 2006-11-02 07:42 - 00032568 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-24 21:24 - 2012-06-24 21:24 - 00000000 __SHD C:\found.000
    2012-06-24 20:53 - 2009-02-26 15:48 - 00008592 ____A C:\Users\c0dem4n\Local Settings\d3d9caps.dat
    2012-06-24 20:53 - 2009-02-26 15:48 - 00008592 ____A C:\Users\c0dem4n\Local Settings\Application Data\d3d9caps.dat
    2012-06-24 20:53 - 2009-02-26 15:48 - 00008592 ____A C:\Users\c0dem4n\AppData\Local\d3d9caps.dat
    2012-06-24 20:00 - 2010-10-04 09:01 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2845600061-1872324055-1911129016-1000UA.job
    2012-06-24 19:44 - 2008-08-28 20:19 - 01446806 ____A C:\Windows\WindowsUpdate.log
    2012-06-24 19:39 - 2012-06-24 19:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-24 19:39 - 2012-06-24 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-24 19:39 - 2011-08-19 13:19 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-24 19:39 - 2010-12-27 22:18 - 00721800 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-24 19:38 - 2012-06-24 19:37 - 12621696 ____A (Microsoft Corporation) C:\Users\c0dem4n\Downloads\mseinstall (1).exe
    2012-06-23 21:16 - 2006-11-02 04:46 - 00706952 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-23 21:05 - 2008-11-25 13:11 - 00052736 ____A C:\Users\c0dem4n\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-23 21:05 - 2008-11-25 13:11 - 00052736 ____A C:\Users\c0dem4n\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-23 21:05 - 2008-11-25 13:11 - 00052736 ____A C:\Users\c0dem4n\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-23 20:30 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
    2012-06-23 20:23 - 2012-06-23 20:16 - 00000000 ____D C:\Users\c0dem4n\Desktop\Melissa
    2012-06-23 20:19 - 2008-12-10 00:46 - 00007048 ____A C:\Users\c0dem4n\Application Data\wklnhst.dat
    2012-06-23 20:19 - 2008-12-10 00:46 - 00007048 ____A C:\Users\c0dem4n\AppData\Roaming\wklnhst.dat
    2012-06-23 20:08 - 2011-02-22 17:20 - 00012109 ____A C:\Windows\setupact.log
    2012-06-22 16:00 - 2010-10-04 09:01 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2845600061-1872324055-1911129016-1000Core.job
    2012-06-22 12:59 - 2012-06-22 12:59 - 00000000 ____D C:\Users\All Users\WindowsSearch
    2012-06-22 12:59 - 2012-06-22 12:59 - 00000000 ____D C:\Users\All Users\Application Data\WindowsSearch
    2012-06-21 20:18 - 2012-06-21 20:18 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-21 20:01 - 2012-04-18 08:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-21 20:01 - 2011-05-16 19:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-21 16:07 - 2012-01-11 09:26 - 00000000 __SHD C:\Users\c0dem4n\Local Settings\Application Data\{9e180e7a-9752-e6a9-d4ad-d533132b625b}
    2012-06-21 16:07 - 2012-01-11 09:26 - 00000000 __SHD C:\Users\c0dem4n\Local Settings\{9e180e7a-9752-e6a9-d4ad-d533132b625b}
    2012-06-21 16:07 - 2012-01-11 09:26 - 00000000 __SHD C:\Users\c0dem4n\AppData\Local\{9e180e7a-9752-e6a9-d4ad-d533132b625b}
    2012-06-20 21:49 - 2012-05-17 00:07 - 00000000 ____D C:\Program Files (x86)\Diablo III
    2012-06-14 09:46 - 2008-11-20 09:41 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-06-13 12:49 - 2006-11-02 07:21 - 00302528 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-12 18:52 - 2006-11-02 04:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-06-03 11:43 - 2011-11-05 11:04 - 00000285 ____A C:\Windows\disney.ini
    2012-06-03 11:43 - 2008-08-21 01:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-06-02 14:19 - 2012-06-23 20:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-23 20:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-23 20:14 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-02 14:19 - 2012-06-23 20:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-23 20:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-23 20:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:19 - 2012-06-23 20:14 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-02 14:15 - 2012-06-23 20:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-23 20:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:12 - 2012-06-23 20:14 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-02 12:19 - 2012-06-23 20:14 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:19 - 2012-06-23 20:14 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-02 12:15 - 2012-06-23 20:14 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 12:12 - 2012-06-23 20:14 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-05-29 19:25 - 2010-12-27 21:46 - 00000412 ____A C:\Windows\ka.ini
    2012-05-29 19:23 - 2010-12-27 21:50 - 00000000 ____D C:\Program Files (x86)\JumpStart
    2012-05-29 19:19 - 2012-02-20 16:55 - 00000000 ____D C:\Users\c0dem4n\My Documents\Aimersoft DVD Creator
    2012-05-29 19:19 - 2012-02-20 16:55 - 00000000 ____D C:\Users\c0dem4n\Documents\Aimersoft DVD Creator
    2012-05-29 19:18 - 2011-02-22 17:20 - 00000000 ____D C:\Program Files (x86)\HTC
    2012-05-29 19:18 - 2008-08-21 01:18 - 00191870 ____A C:\Windows\DPINST.LOG
    2012-05-29 19:14 - 2012-04-10 14:31 - 00000000 ____D C:\Users\All Users\Origin
    2012-05-29 19:14 - 2012-04-10 14:31 - 00000000 ____D C:\Users\All Users\Application Data\Origin
    2012-05-29 19:14 - 2008-08-21 01:49 - 00000000 ____D C:\Users\All Users\WildTangent
    2012-05-29 19:14 - 2008-08-21 01:49 - 00000000 ____D C:\Users\All Users\Application Data\WildTangent
    2012-05-29 19:14 - 2008-08-21 01:49 - 00000000 ____D C:\Program Files (x86)\HP Games
    2012-05-17 20:21 - 2012-05-17 20:21 - 00000000 ____D C:\Users\c0dem4n\My Documents\Diablo III
    2012-05-17 20:21 - 2012-05-17 20:21 - 00000000 ____D C:\Users\c0dem4n\Documents\Diablo III
    2012-05-17 18:47 - 2012-06-12 18:57 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-12 18:57 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-12 18:58 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-12 18:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-12 18:58 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-12 18:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-12 18:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-12 18:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-12 18:58 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-12 18:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-12 18:58 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-12 18:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-12 18:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-12 18:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-12 18:58 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-12 18:57 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-12 18:58 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-12 18:58 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-12 18:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-12 18:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-12 18:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-12 18:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-12 18:58 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-12 18:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-12 18:58 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-12 18:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-12 18:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-12 18:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-17 00:09 - 2012-05-17 00:07 - 00000941 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-05-17 00:09 - 2012-05-17 00:07 - 00000941 ____A C:\Users\All Users\Desktop\Diablo III.lnk
    2012-05-17 00:07 - 2012-05-17 00:07 - 00362718 ____A C:\Users\c0dem4n\Local Settings\dd_vcredistMSI258C.txt
    2012-05-17 00:07 - 2012-05-17 00:07 - 00362718 ____A C:\Users\c0dem4n\Local Settings\Application Data\dd_vcredistMSI258C.txt
    2012-05-17 00:07 - 2012-05-17 00:07 - 00362718 ____A C:\Users\c0dem4n\AppData\Local\dd_vcredistMSI258C.txt
    2012-05-17 00:07 - 2012-05-17 00:07 - 00013374 ____A C:\Users\c0dem4n\Local Settings\dd_vcredistUI258C.txt
    2012-05-17 00:07 - 2012-05-17 00:07 - 00013374 ____A C:\Users\c0dem4n\Local Settings\Application Data\dd_vcredistUI258C.txt
    2012-05-17 00:07 - 2012-05-17 00:07 - 00013374 ____A C:\Users\c0dem4n\AppData\Local\dd_vcredistUI258C.txt
    2012-05-17 00:06 - 2012-05-17 00:02 - 32288896 ____A (Blizzard Entertainment) C:\Users\c0dem4n\My Documents\Diablo-III-Setup-enUS.exe
    2012-05-17 00:06 - 2012-05-17 00:02 - 32288896 ____A (Blizzard Entertainment) C:\Users\c0dem4n\Documents\Diablo-III-Setup-enUS.exe
    2012-05-16 20:16 - 2012-05-16 20:15 - 00420732 ____A C:\Users\c0dem4n\Local Settings\dd_vcredistMSI744D.txt
    2012-05-16 20:16 - 2012-05-16 20:15 - 00420732 ____A C:\Users\c0dem4n\Local Settings\Application Data\dd_vcredistMSI744D.txt
    2012-05-16 20:16 - 2012-05-16 20:15 - 00420732 ____A C:\Users\c0dem4n\AppData\Local\dd_vcredistMSI744D.txt
    2012-05-16 20:16 - 2012-05-16 20:15 - 00013614 ____A C:\Users\c0dem4n\Local Settings\dd_vcredistUI744D.txt
    2012-05-16 20:16 - 2012-05-16 20:15 - 00013614 ____A C:\Users\c0dem4n\Local Settings\Application Data\dd_vcredistUI744D.txt
    2012-05-16 20:16 - 2012-05-16 20:15 - 00013614 ____A C:\Users\c0dem4n\AppData\Local\dd_vcredistUI744D.txt
    2012-05-16 20:09 - 2012-05-16 20:08 - 00000000 ____D C:\Users\All Users\Battle.net
    2012-05-16 20:09 - 2012-05-16 20:08 - 00000000 ____D C:\Users\All Users\Application Data\Battle.net
    2012-05-16 20:08 - 2012-05-16 19:57 - 32288896 ____A (Blizzard Entertainment) C:\Users\c0dem4n\Downloads\Diablo-III-Setup-enUS.exe
    2012-05-15 19:44 - 2012-05-15 19:44 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-05-15 19:34 - 2012-05-15 19:34 - 00000000 ____D C:\Program Files\iTunes
    2012-05-15 19:34 - 2012-05-15 19:34 - 00000000 ____D C:\Program Files\iPod
    2012-05-15 19:34 - 2012-05-15 19:34 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-05-15 19:34 - 2008-11-15 12:09 - 00000000 ____D C:\Users\All Users\Application Data\Apple Computer
    2012-05-15 19:34 - 2008-11-15 12:09 - 00000000 ____D C:\Users\All Users\Apple Computer
    2012-05-15 12:15 - 2012-06-12 13:32 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-15 07:46 - 2010-08-03 13:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-05-15 07:42 - 2012-05-15 07:42 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-05-15 07:42 - 2012-05-15 07:42 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
    2012-05-15 07:42 - 2012-05-15 07:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-05-15 07:41 - 2012-05-15 07:38 - 16339280 ____A (Mozilla) C:\Users\c0dem4n\Downloads\Firefox Setup 12.0.exe
    2012-05-12 07:16 - 2009-05-30 13:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-12 07:13 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2012-05-12 06:30 - 2008-11-15 15:24 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-05-04 20:45 - 2012-04-18 09:43 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-02 19:41 - 2008-11-14 11:51 - 00000000 ____D C:\users\c0dem4n
    2012-05-02 19:40 - 2011-11-17 16:44 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-05-02 19:40 - 2009-02-28 21:09 - 00000000 ____D C:\NVIDIA
    2012-05-02 19:35 - 2012-05-02 19:11 - 166448312 ____A (NVIDIA Corporation) C:\Users\c0dem4n\Downloads\296.10-desktop-win7-winvista-64bit-english-whql (1).exe
    2012-05-01 19:48 - 2011-01-28 13:38 - 00000000 ____D C:\Users\c0dem4n\My Documents\My Scans
    2012-05-01 19:48 - 2011-01-28 13:38 - 00000000 ____D C:\Users\c0dem4n\Documents\My Scans
    2012-05-01 06:29 - 2012-06-12 13:37 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-23 08:25 - 2012-06-12 13:30 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 08:25 - 2012-06-12 13:30 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 08:25 - 2012-06-12 13:30 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 08:00 - 2012-06-12 13:30 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 08:00 - 2012-06-12 13:30 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 08:00 - 2012-06-12 13:30 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-18 17:56 - 2012-04-18 17:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2012-04-18 17:56 - 2012-04-18 17:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2012-04-17 14:57 - 2012-04-10 13:56 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
    2012-04-14 18:29 - 2012-04-14 18:28 - 00000000 ____D C:\Users\c0dem4n\Local Settings\Application Data\{A6AB4A70-FEB6-4BB4-9B08-B3D311150B1F}
    2012-04-14 18:29 - 2012-04-14 18:28 - 00000000 ____D C:\Users\c0dem4n\Local Settings\{A6AB4A70-FEB6-4BB4-9B08-B3D311150B1F}
    2012-04-14 18:29 - 2012-04-14 18:28 - 00000000 ____D C:\Users\c0dem4n\AppData\Local\{A6AB4A70-FEB6-4BB4-9B08-B3D311150B1F}
    2012-04-14 18:25 - 2012-04-14 18:25 - 00000000 ____D C:\Users\c0dem4n\Local Settings\Application Data\{669D7A9E-A0CC-4E46-9E4B-0CD5BF652595}
    2012-04-14 18:25 - 2012-04-14 18:25 - 00000000 ____D C:\Users\c0dem4n\Local Settings\{669D7A9E-A0CC-4E46-9E4B-0CD5BF652595}
    2012-04-14 18:25 - 2012-04-14 18:25 - 00000000 ____D C:\Users\c0dem4n\AppData\Local\{669D7A9E-A0CC-4E46-9E4B-0CD5BF652595}
    2012-04-14 18:25 - 2011-03-15 16:30 - 00000000 ____D C:\Users\c0dem4n\Local Settings\Windows Live
    2012-04-14 18:25 - 2011-03-15 16:30 - 00000000 ____D C:\Users\c0dem4n\Local Settings\Application Data\Windows Live
    2012-04-14 18:25 - 2011-03-15 16:30 - 00000000 ____D C:\Users\c0dem4n\AppData\Local\Windows Live
    2012-04-14 18:20 - 2012-04-14 18:20 - 00000000 ____D C:\Users\c0dem4n\Local Settings\Application Data\{8FEB0E47-456D-46F6-847F-3832EFF39386}
    2012-04-14 18:20 - 2012-04-14 18:20 - 00000000 ____D C:\Users\c0dem4n\Local Settings\{8FEB0E47-456D-46F6-847F-3832EFF39386}
    2012-04-14 18:20 - 2012-04-14 18:20 - 00000000 ____D C:\Users\c0dem4n\AppData\Local\{8FEB0E47-456D-46F6-847F-3832EFF39386}
    2012-04-11 08:56 - 2012-04-11 08:56 - 00000000 __HDC C:\Users\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
    2012-04-11 08:56 - 2012-04-11 08:56 - 00000000 __HDC C:\Users\All Users\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
    2012-04-11 08:56 - 2011-03-19 17:35 - 00000000 ____D C:\Program Files (x86)\Uniblue
    2012-04-10 14:36 - 2012-04-10 14:36 - 00000000 ____D C:\Users\c0dem4n\My Documents\Electronic Arts
    2012-04-10 14:36 - 2012-04-10 14:36 - 00000000 ____D C:\Users\c0dem4n\Documents\Electronic Arts
    2012-04-10 14:36 - 2012-04-10 14:36 - 00000000 ____D C:\Users\All Users\EA Core
    2012-04-10 14:36 - 2012-04-10 14:36 - 00000000 ____D C:\Users\All Users\Application Data\EA Core
    2012-04-10 14:35 - 2012-04-10 14:31 - 00001054 ____A C:\Windows\KB893803v2.log
    2012-04-10 14:32 - 2012-04-10 14:32 - 00000000 ____D C:\Users\c0dem4n\Application Data\Origin
    2012-04-10 14:32 - 2012-04-10 14:32 - 00000000 ____D C:\Users\c0dem4n\AppData\Roaming\Origin
    2012-04-10 14:31 - 2012-04-10 14:23 - 00000000 ____D C:\Users\All Users\Electronic Arts
    2012-04-10 14:31 - 2012-04-10 14:23 - 00000000 ____D C:\Users\All Users\Application Data\Electronic Arts
    2012-04-10 14:15 - 2012-04-10 14:15 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
    2012-04-04 12:56 - 2012-06-25 18:23 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-03 00:22 - 2012-05-11 17:22 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-04-01 15:04 - 2012-04-01 15:02 - 16157992 ____A (Mozilla) C:\Users\c0dem4n\Downloads\Firefox Setup 11.0.exe
    2012-04-01 09:30 - 2012-04-01 09:27 - 26478893 ____A C:\Users\c0dem4n\Downloads\allVehicles.zip
    2012-03-31 20:11 - 2012-03-31 20:11 - 00000000 ____D C:\Users\c0dem4n\Application Data\Garmin
    2012-03-31 20:11 - 2012-03-31 20:11 - 00000000 ____D C:\Users\c0dem4n\AppData\Roaming\Garmin
    2012-03-31 20:11 - 2012-03-31 20:10 - 04289032 ____A (Garmin International) C:\Users\c0dem4n\Downloads\GarminMapUpdater_v3.0.11.exe
    2012-03-30 04:45 - 2012-05-11 17:24 - 01422720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-29 06:22 - 2012-05-11 17:24 - 00040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
    ZeroAccess:
    C:\Windows\Installer\{9e180e7a-9752-e6a9-d4ad-d533132b625b}
    C:\Windows\Installer\{9e180e7a-9752-e6a9-d4ad-d533132b625b}\@
    C:\Windows\Installer\{9e180e7a-9752-e6a9-d4ad-d533132b625b}\L
    C:\Windows\Installer\{9e180e7a-9752-e6a9-d4ad-d533132b625b}\n
    C:\Windows\Installer\{9e180e7a-9752-e6a9-d4ad-d533132b625b}\U
    C:\Windows\Installer\{9e180e7a-9752-e6a9-d4ad-d533132b625b}\U\00000001.@
    C:\Windows\Installer\{9e180e7a-9752-e6a9-d4ad-d533132b625b}\U\80000000.@
    C:\Windows\Installer\{9e180e7a-9752-e6a9-d4ad-d533132b625b}\U\800000cb.@
    ZeroAccess:
    C:\Users\c0dem4n\AppData\Local\{9e180e7a-9752-e6a9-d4ad-d533132b625b}
    C:\Users\c0dem4n\AppData\Local\{9e180e7a-9752-e6a9-d4ad-d533132b625b}\@
    C:\Users\c0dem4n\AppData\Local\{9e180e7a-9752-e6a9-d4ad-d533132b625b}\L
    C:\Users\c0dem4n\AppData\Local\{9e180e7a-9752-e6a9-d4ad-d533132b625b}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 12%
    Total physical RAM: 7165.58 MB
    Available physical RAM: 6263.36 MB
    Total Pagefile: 6718.49 MB
    Available Pagefile: 6240.07 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: (HP) (Fixed) (Total:583.8 GB) (Free:203.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.37 GB) (Free:1.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: () (Removable) (Total:0.02 GB) (Free:0 GB) FAT
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 15 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 584 GB 32 KB
    Partition 2 Primary 12 GB 584 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C HP NTFS Partition 584 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D FACTORY_IMA NTFS Partition 12 GB Healthy
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 MB 13 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 01
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 15 MB Healthy
    ======================================================================================================
    ==========================================================
    Last Boot: 2012-06-24 18:31
    ======================= End Of Log ==========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log (Search.txt) it makes to your reply.
     
  7. StratAtk01

    StratAtk01 TS Rookie Topic Starter

    Results of services.exe search.txt ::

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-09-23 19:46] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009-09-23 19:46] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
    C:\Windows\SysWOW64\services.exe
    [2009-09-23 19:46] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\System32\services.exe
    [2009-09-23 19:46] - [2012-06-26 17:17] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229
    ====== End Of Search ======
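    As an added example (not FRST's own code and not posted by either participant), a Python script that parses the Search.txt format shown above and performs the comparison the fix below relies on: the live services.exe should hash to one of the WinSxS copies for its architecture. The sample input is the posted log embedded inline; mapping System32 to amd64 and SysWOW64 to x86 assumes a 64-bit Windows, as in this thread.

```python
"""Cross-check a live Windows binary against its WinSxS copies using the
FRST Search.txt format (added example; not FRST's code nor the thread's)."""
import re
from collections import defaultdict

# Excerpt of the Search.txt posted above, embedded so the script runs offline.
# Each result is two lines: the path, then
# "[timestamp 1] - [timestamp 2] - size attributes (company) MD5".
SAMPLE_SEARCH_TXT = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-23 19:46] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-09-23 19:46] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe
[2009-09-23 19:46] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe
[2009-09-23 19:46] - [2012-06-26 17:17] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229
====== End Of Search ======
"""

DETAIL_RE = re.compile(
    r"^\[(?P<ts1>[^\]]+)\] - \[(?P<ts2>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
# WinSxS component directories start with the architecture (x86_ or amd64_).
WINSXS_ARCH_RE = re.compile(r"\\winsxs\\(x86|amd64)_", re.IGNORECASE)


def parse_search_txt(text):
    """Return one dict per file found, read from path/detail line pairs."""
    entries = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i + 1 < len(lines):
        m = DETAIL_RE.match(lines[i + 1])
        if m is None:            # not a path/detail pair (e.g. the trailer)
            i += 1
            continue
        entry = m.groupdict()
        entry["path"] = lines[i]
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entries.append(entry)
        i += 2
    return entries


def is_winsxs(path):
    return "\\winsxs\\" in path.lower()


def arch_of(path):
    """Architecture of a copy: from the WinSxS dir name, else the system dir.
    Assumption: 64-bit Windows, so System32 holds amd64 and SysWOW64 x86."""
    m = WINSXS_ARCH_RE.search(path)
    if m:
        return m.group(1).lower()
    lower = path.lower()
    if "\\syswow64\\" in lower:
        return "x86"
    if "\\system32\\" in lower:
        return "amd64"
    return "unknown"


def audit(text):
    """Map each live (non-WinSxS) path to 'ok' or a reason it looks tampered."""
    entries = parse_search_txt(text)
    reference = defaultdict(set)   # arch -> MD5s of the WinSxS copies
    for e in entries:
        if is_winsxs(e["path"]):
            reference[arch_of(e["path"])].add(e["md5"])
    verdicts = {}
    for e in entries:
        if is_winsxs(e["path"]):
            continue
        arch = arch_of(e["path"])
        if e["md5"] in reference[arch]:
            verdicts[e["path"]] = "ok"
        elif not reference[arch]:
            verdicts[e["path"]] = f"no {arch} reference copy in WinSxS"
        else:
            # Size alone is not enough: the patched copy above keeps the
            # original 0384512-byte size, so only the hash exposes it.
            verdicts[e["path"]] = (
                f"MD5 {e['md5']} matches no {arch} WinSxS copy "
                f"(timestamps {e['ts1']} / {e['ts2']})"
            )
    return verdicts


if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_SEARCH_TXT).items():
        print(f"{path}: {verdict}")
```

The unmatched System32 copy is exactly the one the fix below replaces with the 6.0.6002.18005 amd64 WinSxS copy.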
     
  8. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it to your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  9. StratAtk01

    StratAtk01 TS Rookie Topic Starter

    Results from fixlog.txt ::

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
    Ran by SYSTEM at 2012-06-26 22:19:37 Run:1
    Running from F:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\System32\services.exe.B984919B88A22BAA moved successfully.
    C:\Windows\Installer\{9e180e7a-9752-e6a9-d4ad-d533132b625b} moved successfully.
    C:\Users\c0dem4n\AppData\Local\{9e180e7a-9752-e6a9-d4ad-d533132b625b} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
     
  10. StratAtk01

    StratAtk01 TS Rookie Topic Starter

    Results from combofix.txt ::

    ComboFix 12-06-26.02 - c0dem4n 06/26/2012 22:32:23.1.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7166.4941 [GMT -5:00]
    Running from: c:\users\c0dem4n\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\c0dem4n\AppData\Roaming\331BA2
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-27 05:26 . 2012-06-27 05:27 -------- d-----w- C:\FRST
    2012-06-27 03:51 . 2012-06-27 03:51 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E8FCD5C-2622-4E09-902E-B561D4188DDB}\offreg.dll
    2012-06-27 03:48 . 2012-06-27 03:53 -------- d-----w- c:\users\c0dem4n\AppData\Local\temp
    2012-06-26 02:23 . 2012-06-26 02:23 -------- d-----w- c:\users\c0dem4n\AppData\Roaming\Malwarebytes
    2012-06-26 02:23 . 2012-06-26 02:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-26 02:23 . 2012-06-26 02:23 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-26 02:23 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-25 05:44 . 2012-06-25 05:44 -------- d-----w- c:\users\c0dem4n\AppData\Roaming\DriverCure
    2012-06-25 05:43 . 2012-06-25 05:43 -------- d-----w- c:\users\c0dem4n\AppData\Roaming\SpeedyPC Software
    2012-06-25 05:43 . 2012-06-25 05:43 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-06-25 05:43 . 2012-06-25 05:43 -------- d-----w- c:\program files (x86)\SpeedyPC Software
    2012-06-25 05:43 . 2012-06-25 05:43 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
    2012-06-25 05:24 . 2012-06-25 05:24 -------- d-----w- C:\found.000
    2012-06-25 03:43 . 2012-06-25 03:42 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF313246-4C1B-487E-8EEB-DAA9D2F8E88F}\gapaengine.dll
    2012-06-25 03:43 . 2012-05-31 02:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E8FCD5C-2622-4E09-902E-B561D4188DDB}\mpengine.dll
    2012-06-25 03:39 . 2012-06-25 03:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-25 03:39 . 2012-06-25 03:39 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-22 20:59 . 2012-06-22 20:59 -------- d-----w- c:\programdata\WindowsSearch
    2012-06-22 04:18 . 2012-06-22 04:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-12 21:37 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-12 21:32 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
    2012-06-12 21:30 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-12 21:30 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-12 21:30 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-12 21:30 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-12 21:30 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-12 21:30 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-22 04:01 . 2012-04-18 16:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-22 04:01 . 2011-05-17 03:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 04:45 . 2012-04-18 17:43 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-04-03 08:22 . 2012-05-12 01:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 12:45 . 2012-05-12 01:24 1422720 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-29 14:22 . 2012-05-12 01:24 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowCpl"= 1 (0x1)
    "NoNetConnectDisconnect"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2845600061-1872324055-1911129016-1000Core.job
    - c:\users\c0dem4n\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-04 00:11]
    .
    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2845600061-1872324055-1911129016-1000UA.job
    - c:\users\c0dem4n\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-04 00:11]
    .
    2012-06-27 c:\windows\Tasks\RegistryBooster.job
    - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2012-04-11 18:56]
    .
    2012-06-25 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
    .
    2012-06-25 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\windows\system32\rundll32.exe [2006-11-02 09:45]
    .
    2012-06-25 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 65.126.99.146 204.248.112.2
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\c0dem4n\AppData\Roaming\Mozilla\Firefox\Profiles\623c5n5d.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
    Wow6432Node-HKLM-Run-hpqSRMon - (no file)
    Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
    Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
    AddRemove-Steam - c:\progra~1\Steam\UNWISE.EXE
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2845600061-1872324055-1911129016-1000\Software\SecuROM\License information*]
    "datasecu"=hex:e1,ed,1d,b4,43,ab,3e,72,d0,93,4d,a3,7e,8d,9c,6d,f3,f1,50,88,4c,
    1f,ce,fb,e9,4e,6e,2a,b9,90,5f,1d,b3,2b,a6,5e,c0,0e,1a,74,b7,ed,91,f1,88,00,\
    "rkeysecu"=hex:15,5e,d2,bb,a0,c5,c9,98,09,c6,51,9b,6b,a0,fe,1d
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\hp\HPEZBTN\HPBtnSrv.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files (x86)\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-26 23:01:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-27 04:01
    .
    Pre-Run: 309,143,597,056 bytes free
    Post-Run: 309,791,137,792 bytes free
    .
    - - End Of File - - A89826FB0A9B7C8BAE1103DB24CE8227
     
  11. Broni


    Looks good :)

    How is the computer doing?

    =====================================

    Uninstall SpeedyPC Software.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =====================================================================

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. StratAtk01


    My PC is back to life! Starts fine in normal start-up.
    I was looking at another forum and it suggested that I download that SpeedyPC program. When I opened it and saw what it was, I closed it and never ran it, thankfully. So glad I came here, you have been amazing :)

    Waiting for OTL results but here are the results of MalwareBytes scan ::

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.26.01
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    c0dem4n :: C0DEM4N-PC [administrator]
    Protection: Disabled
    6/26/2012 11:55:29 PM
    mbam-log-2012-06-26 (23-55-29).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 226479
    Time elapsed: 4 minute(s), 25 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  13. StratAtk01


    OTL.txt scan results ::

    OTL logfile created on: 6/27/2012 12:09:33 AM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\c0dem4n\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.00 Gb Total Physical Memory | 5.32 Gb Available Physical Memory | 76.08% Memory free
    14.08 Gb Paging File | 12.47 Gb Available in Paging File | 88.54% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 583.80 Gb Total Space | 288.76 Gb Free Space | 49.46% Space Free | Partition Type: NTFS
    Drive D: | 12.37 Gb Total Space | 1.69 Gb Free Space | 13.69% Space Free | Partition Type: NTFS
    Drive F: | 15.41 Mb Total Space | 8.08 Mb Free Space | 52.43% Space Free | Partition Type: FAT

    Computer Name: C0DEM4N-PC | User Name: c0dem4n | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/26 23:58:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\c0dem4n\Desktop\OTL.exe
    PRC - [2012/06/21 23:01:58 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/04/01 13:56:28 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
    PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/08/24 18:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2009/09/09 14:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2007/05/29 17:19:06 | 000,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe
    PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/20 12:11:12 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/29 17:19:06 | 000,198,240 | ---- | M] () [Auto | Running] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/30 22:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV:64bit: - [2009/01/19 14:41:48 | 000,609,280 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2005/11/07 15:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Razerlow.sys -- (Razerlow)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B9B3F1F-A7FA-4919-A698-22B5308B5B90}
    IE:64bit: - HKLM\..\SearchScopes\{3B9B3F1F-A7FA-4919-A698-22B5308B5B90}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE:64bit: - HKLM\..\SearchScopes\{F1806E06-8AC8-4CDA-9F3B-7FE2F37D0967}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    IE - HKLM\..\SearchScopes,DefaultScope = {3B9B3F1F-A7FA-4919-A698-22B5308B5B90}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{3B9B3F1F-A7FA-4919-A698-22B5308B5B90}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKLM\..\SearchScopes\{F1806E06-8AC8-4CDA-9F3B-7FE2F37D0967}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{32DCD038-0416-4470-947E-A566C1540DCD}: "URL" = http://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{3B9B3F1F-A7FA-4919-A698-22B5308B5B90}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKCU\..\SearchScopes\{F1806E06-8AC8-4CDA-9F3B-7FE2F37D0967}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\c0dem4n\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\c0dem4n\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\c0dem4n\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/10 23:28:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/15 22:44:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/15 22:44:46 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/10 23:28:15 | 000,000,000 | ---D | M]

    [2010/08/03 16:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c0dem4n\AppData\Roaming\mozilla\Extensions
    [2009/03/22 19:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c0dem4n\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2012/06/04 02:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c0dem4n\AppData\Roaming\mozilla\Firefox\Profiles\623c5n5d.default\extensions
    [2011/10/07 08:50:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\c0dem4n\AppData\Roaming\mozilla\Firefox\Profiles\623c5n5d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/05/15 10:48:28 | 000,000,000 | ---D | M] (Bflix) -- C:\Users\c0dem4n\AppData\Roaming\mozilla\Firefox\Profiles\623c5n5d.default\extensions\info@thebflix.com
    [2012/05/15 10:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\c0dem4n\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\c0dem4n\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\c0dem4n\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\c0dem4n\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\c0dem4n\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\c0dem4n\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\c0dem4n\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\c0dem4n\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AT_Porsche = C:\Users\c0dem4n\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0\
    CHR - Extension: Gmail = C:\Users\c0dem4n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/26 22:52:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 4 = Phone and Modem Options
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = Regional and Language Options
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.126.99.146 204.248.112.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76F1CEDC-682F-4025-B77D-13A1FA8CF981}: DhcpNameServer = 65.126.99.146 204.248.112.2
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\c0dem4n\Videos\2012-03-10 001\DSC00173.JPG
    O24 - Desktop BackupWallPaper: C:\Users\c0dem4n\Videos\2012-03-10 001\DSC00173.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/27 00:26:30 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/27 00:06:25 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\c0dem4n\Desktop\OTL.exe
    [2012/06/26 23:01:32 | 000,000,000 | ---D | C] -- C:\Users\c0dem4n\AppData\Local\temp
    [2012/06/26 22:53:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/26 22:29:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/26 22:29:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/26 22:29:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/26 22:29:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/26 22:28:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/26 22:23:56 | 004,569,121 | R--- | C] (Swearware) -- C:\Users\c0dem4n\Desktop\ComboFix.exe
    [2012/06/25 21:23:35 | 000,000,000 | ---D | C] -- C:\Users\c0dem4n\AppData\Roaming\Malwarebytes
    [2012/06/25 21:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/25 21:23:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/25 21:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/25 21:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/25 21:11:17 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\c0dem4n\Desktop\dds.scr
    [2012/06/25 21:11:02 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\c0dem4n\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/06/25 00:44:00 | 000,000,000 | ---D | C] -- C:\Users\c0dem4n\AppData\Roaming\DriverCure
    [2012/06/25 00:43:59 | 000,000,000 | ---D | C] -- C:\Users\c0dem4n\AppData\Roaming\SpeedyPC Software
    [2012/06/25 00:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/06/25 00:24:44 | 000,000,000 | ---D | C] -- C:\found.000
    [2012/06/24 22:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/24 22:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/23 23:16:48 | 000,000,000 | ---D | C] -- C:\Users\c0dem4n\Desktop\Melissa
    [2012/06/22 15:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2012/06/21 23:18:48 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/27 00:04:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
    [2012/06/27 00:04:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/27 00:04:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/27 00:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/27 00:00:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2845600061-1872324055-1911129016-1000UA.job
    [2012/06/26 23:58:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\c0dem4n\Desktop\OTL.exe
    [2012/06/26 22:58:51 | 000,706,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/26 22:58:51 | 000,606,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/26 22:58:51 | 000,105,230 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/26 22:52:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/26 22:20:48 | 004,569,121 | R--- | M] (Swearware) -- C:\Users\c0dem4n\Desktop\ComboFix.exe
    [2012/06/25 21:23:27 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/25 20:53:52 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\c0dem4n\Desktop\dds.scr
    [2012/06/25 20:52:24 | 000,302,592 | ---- | M] () -- C:\Users\c0dem4n\Desktop\o0jz4i06.exe
    [2012/06/25 20:48:18 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\c0dem4n\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/06/24 23:53:35 | 000,008,592 | ---- | M] () -- C:\Users\c0dem4n\AppData\Local\d3d9caps.dat
    [2012/06/24 22:39:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/24 22:39:18 | 000,721,800 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/24 00:05:33 | 000,052,736 | ---- | M] () -- C:\Users\c0dem4n\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/23 23:19:00 | 000,007,048 | ---- | M] () -- C:\Users\c0dem4n\AppData\Roaming\wklnhst.dat
    [2012/06/22 19:00:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2845600061-1872324055-1911129016-1000Core.job
    [2012/06/13 15:49:20 | 000,302,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/03 14:43:04 | 000,000,285 | ---- | M] () -- C:\Windows\disney.ini
    [2012/05/29 22:25:05 | 000,000,412 | ---- | M] () -- C:\Windows\ka.ini
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/26 22:29:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/26 22:29:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/26 22:29:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/26 22:29:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/26 22:29:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/25 21:23:27 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/25 21:11:23 | 000,302,592 | ---- | C] () -- C:\Users\c0dem4n\Desktop\o0jz4i06.exe
    [2012/06/24 22:39:20 | 000,001,784 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/11/05 14:04:14 | 000,000,285 | ---- | C] () -- C:\Windows\disney.ini
    [2010/12/28 01:18:18 | 000,721,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/12/28 00:46:58 | 000,000,412 | ---- | C] () -- C:\Windows\ka.ini
    [2010/12/24 18:09:48 | 000,000,581 | ---- | C] () -- C:\Users\c0dem4n\AppData\Local\cookies.ini
    [2010/09/10 23:27:57 | 000,023,144 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/09/10 23:25:42 | 000,077,408 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2010/09/10 22:11:37 | 000,166,301 | ---- | C] () -- C:\Windows\hpoins29.dat
    [2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/02/26 18:48:44 | 000,008,592 | ---- | C] () -- C:\Users\c0dem4n\AppData\Local\d3d9caps.dat
    [2009/02/26 18:47:02 | 000,000,732 | ---- | C] () -- C:\Users\c0dem4n\AppData\Local\d3d9caps64.dat
    [2008/12/29 00:04:22 | 000,870,128 | ---- | C] () -- C:\Users\c0dem4n\AppData\Roaming\mcs.rma
    [2008/12/10 03:46:20 | 000,007,048 | ---- | C] () -- C:\Users\c0dem4n\AppData\Roaming\wklnhst.dat
    [2008/11/25 16:11:41 | 000,052,736 | ---- | C] () -- C:\Users\c0dem4n\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2011/04/20 23:49:49 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\.minecraft
    [2012/02/19 16:54:01 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\BitTorrent
    [2010/12/28 00:38:58 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\Broderbund
    [2012/06/25 00:44:00 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\DriverCure
    [2010/12/28 00:36:08 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\Encore
    [2012/03/31 23:11:30 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\Garmin
    [2008/12/28 21:35:58 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\ImgBurn
    [2009/03/21 01:19:13 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\iWin
    [2011/11/05 14:05:28 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\Leadertech
    [2011/03/30 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\Merscom
    [2012/04/10 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\Origin
    [2012/03/28 13:10:57 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\Orneon
    [2012/06/25 00:43:59 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\SpeedyPC Software
    [2009/10/11 15:39:58 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\Template
    [2009/03/05 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\The Creative Assembly
    [2011/03/24 00:22:48 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\Uniblue
    [2011/05/02 20:38:41 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\Unity
    [2012/02/19 16:57:45 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\uTorrent
    [2008/11/14 20:05:10 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\WildTangent
    [2008/11/15 17:00:23 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\WinBatch
    [2012/06/27 00:04:40 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
    [2012/06/27 00:04:27 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/08/21 04:55:36 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2010/08/10 19:45:46 | 000,000,500 | ---- | M] () -- C:\FINIS_IT.TXT
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2012/06/27 00:04:20 | 3533,258,751 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/23 23:43:02 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/01 22:15:21 | 000,000,221 | -HS- | M] () -- C:\Users\c0dem4n\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/26 22:20:48 | 004,569,121 | R--- | M] (Swearware) -- C:\Users\c0dem4n\Desktop\ComboFix.exe
    [2012/06/25 20:48:18 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\c0dem4n\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/06/25 20:52:24 | 000,302,592 | ---- | M] () -- C:\Users\c0dem4n\Desktop\o0jz4i06.exe
    [2012/06/26 23:58:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\c0dem4n\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/22 19:00:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2845600061-1872324055-1911129016-1000Core.job
    [2012/06/27 00:00:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2845600061-1872324055-1911129016-1000UA.job
    [2012/06/27 00:04:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
    [2012/06/27 00:04:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/27 00:04:27 | 000,032,550 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/11/14 15:02:40 | 000,000,402 | -HS- | M] () -- C:\Users\c0dem4n\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/10 23:40:56 | 000,002,339 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:0EC7A545
    < End of report >
     
  14. StratAtk01

    StratAtk01 TS Rookie Topic Starter

    Extras.txt from OTL scan results:

    OTL Extras logfile created on: 6/27/2012 12:09:33 AM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\c0dem4n\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.00 Gb Total Physical Memory | 5.32 Gb Available Physical Memory | 76.08% Memory free
    14.08 Gb Paging File | 12.47 Gb Available in Paging File | 88.54% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 583.80 Gb Total Space | 288.76 Gb Free Space | 49.46% Space Free | Partition Type: NTFS
    Drive D: | 12.37 Gb Total Space | 1.69 Gb Free Space | 13.69% Space Free | Partition Type: NTFS
    Drive F: | 15.41 Mb Total Space | 8.08 Mb Free Space | 52.43% Space Free | Partition Type: FAT

    Computer Name: C0DEM4N-PC | User Name: c0dem4n | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 19 E3 61 B1 D3 3C CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2845600061-1872324055-1911129016-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "HP Imaging Device Functions" = HP Imaging Device Functions 11.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 11.0
    "HPOCR" = OCR Software by I.R.I.S. 11.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Drivers" = NVIDIA Drivers
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{30363C5E-1A3E-43B2-947F-7589DC1DA185}" = JSWPFGrade2
    "{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4400_Help
    "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A2F0A59-B202-4D2A-9343-A7E5ACE852B7}" = JSWPFCom
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
    "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B2EB23D7-8AA5-457F-82B8-4F60321A9CC7}" = JSWPFGradeK
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
    "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
    "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
    "BitTorrent" = BitTorrent
    "Diablo III" = Diablo III
    "DVD Shrink_is1" = DVD Shrink 3.2
    "Half-Life" = Half-Life
    "ImgBurn" = ImgBurn
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "JumpStart 3D Ages 4-6" = JumpStart 3D Ages 4-6
    "JumpStart 3D Ages 6-8" = JumpStart 3D Ages 6-8
    "JumpStart Typing" = JumpStart Typing
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mavis Beacon Keyboarding Kidz" = Mavis Beacon Keyboarding Kidz (remove only)
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Reading Blaster Ages 4-6" = Reading Blaster Ages 4-6
    "Reading Blaster Ages 6-8" = Reading Blaster Ages 6-8
    "Sierra Utilities" = Sierra Utilities
    "sp44626" = sp44626
    "StarCraft II" = StarCraft II
    "Steam" = Steam
    "Steam App 22330" = Oblivion: Game of the Year Edition
    "Steam App 240" = Counter-Strike: Source
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "SystemRequirementsLab" = System Requirements Lab
    "Uniblue RegistryBooster" = Uniblue RegistryBooster
    "uTorrent" = µTorrent
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/12/2012 9:39:18 PM | Computer Name = c0dem4n-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 1/12/2012 9:40:01 PM | Computer Name = c0dem4n-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 1/12/2012 9:40:02 PM | Computer Name = c0dem4n-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 1/12/2012 9:40:03 PM | Computer Name = c0dem4n-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 1/12/2012 9:40:04 PM | Computer Name = c0dem4n-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 1/12/2012 9:40:30 PM | Computer Name = c0dem4n-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 1/13/2012 2:30:11 PM | Computer Name = c0dem4n-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/14/2012 7:33:58 PM | Computer Name = c0dem4n-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/15/2012 1:05:27 AM | Computer Name = c0dem4n-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/16/2012 6:02:47 PM | Computer Name = c0dem4n-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 6/26/2012 11:52:47 PM | Computer Name = c0dem4n-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 6/26/2012 11:57:17 PM | Computer Name = c0dem4n-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/26/2012 11:58:37 PM | Computer Name = c0dem4n-PC | Source = Service Control Manager | ID = 7038
    Description =

    Error - 6/26/2012 11:58:37 PM | Computer Name = c0dem4n-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/27/2012 1:04:27 AM | Computer Name = c0dem4n-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description =

    Error - 6/27/2012 1:05:01 AM | Computer Name = c0dem4n-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/27/2012 1:06:00 AM | Computer Name = c0dem4n-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 6/27/2012 1:06:00 AM | Computer Name = c0dem4n-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 6/27/2012 1:08:04 AM | Computer Name = c0dem4n-PC | Source = Service Control Manager | ID = 7038
    Description =

    Error - 6/27/2012 1:08:04 AM | Computer Name = c0dem4n-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
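The registry sections of the OTL report above (Shell Spawning, Security Center, System Restore, Firewall and the FirewallRules lists) are what a helper reads first, because a hijacked exefile handler, a silenced Security Center or a disabled firewall shows up there before anything else does. The Python below is an added example for this thread, not code from OTL or from either poster: it parses those sections out of a pasted report and flags values that differ from what a clean Vista/7 box shows, and lists every inbound firewall exception by port and program. The report text embedded in it is a constructed sample: the default lines are copied from the log above, while the hijacked 32-bit exefile entry and the path C:\Temp\hijack.exe are invented to show what a finding looks like. The reading of "*Override = 1" as "Security Center has been told to stop monitoring that component" is mine; on this machine it sits next to SecurityCheck's "WMI entry may not exist for antivirus", which is the kind of thing to confirm with the owner rather than assume.

```python
"""Triage checks over the registry sections of an OTL report.

Added example for this thread, not code from OTL or from the original posts.
Parses the Shell Spawning, Security Center, System Restore, Firewall and
FirewallRules sections of a pasted report and flags non-default values.
"""
import re

# Default shell\open\command of the executable classes. Droppers and rogue AV
# hijack these so their own binary is launched in front of every program.
DEFAULT_OPEN = {c: '"%1" %*' for c in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^(?:64bit: )?\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
# 'exefile [open] -- "%1" %*'  or  'Directory [cmd] -- cmd.exe ... (Microsoft Corporation)'
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*?)(?: \([^()]*\))?$")


def parse_otl(text):
    """Return {section: [(registry_key, name, value), ...]} for an OTL report."""
    sections, section, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
            sections.setdefault(section, [])
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif section and (m := VALUE_RE.match(line)):
            sections[section].append((key, m.group(1), m.group(2)))
        elif section == "Shell Spawning" and (m := SPAWN_RE.match(line)):
            sections[section].append((key, f"{m.group(1)} [{m.group(2)}]", m.group(3)))
    return sections


def findings(sections):
    """Deviations from the defaults, one string each; an empty list means nothing to chase."""
    out = []
    for key, name, value in sections.get("Shell Spawning", []):
        cls, verb = name.split(" ", 1)
        if verb == "[open]" and cls in DEFAULT_OPEN and value != DEFAULT_OPEN[cls]:
            out.append(f"{cls} open handler hijacked: {value}  [{key}]")
    for key, name, value in sections.get("Security Center Settings", []):
        # *Override = 1 tells Security Center to stop monitoring that component:
        # a legitimate user choice, but also a cheap way to silence "no AV" alerts.
        if name.endswith("Override") and value == "1":
            out.append(f"{name} = 1: Security Center not monitoring it  [{key}]")
    for _key, name, value in sections.get("System Restore Settings", []):
        if name == "DisableSR" and value != "0":
            out.append("System Restore disabled by policy")
    for key, name, value in sections.get("Firewall Settings", []):
        profile = (key or "").rsplit("\\", 1)[-1]
        if name == "EnableFirewall" and value != "1":
            out.append(f"Windows Firewall off in {profile}")
    return out


def inbound_rules(sections):
    """(local port, protocol, program) for every inbound firewall exception, sorted."""
    rules = set()
    for section in ("Vista Active Open Ports Exception List", "Vista Active Application Exception List"):
        for _key, _guid, value in sections.get(section, []):
            f = dict(p.split("=", 1) for p in value.strip(" |").split(" | ") if "=" in p)
            if f.get("dir") == "in":
                rules.add((f.get("lport", "any"), f.get("protocol", "?"),
                           f.get("svc") or f.get("app") or f.get("name", "?")))
    return sorted(rules)


# Constructed sample: default lines copied from the report in this thread, plus
# one invented hijacked 32-bit exefile entry (C:\Temp\hijack.exe does not exist).
SAMPLE_REPORT = r"""
========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\Temp\hijack.exe" "%1" %*

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"""

if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_REPORT)
    for line in findings(parsed) or ["no deviations from defaults"]:
        print(line)
    for port, proto, prog in inbound_rules(parsed):
        print(f"inbound {proto}/{port} allowed for {prog}")
```

Paste a whole OTL report into SAMPLE_REPORT (or read it from a file) and the same three functions work unchanged; on the real log above the shell handlers all come back at their defaults and the only finding is AntiVirusOverride, with the inbound list reduced to the usual SMB, SSDP, LLMNR, qWave and RPC entries.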
     
  15. Broni


    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
      [2012/06/25 00:43:59 | 000,000,000 | ---D | M] -- C:\Users\c0dem4n\AppData\Roaming\SpeedyPC Software
      [2012/06/27 00:04:40 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
      @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:0EC7A545
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  16. StratAtk01


    OTL Fix results ::

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Folder C:\Users\c0dem4n\AppData\Roaming\SpeedyPC Software\ not found.
    File C:\Windows\Tasks\RegistryBooster.job not found.
    Unable to delete ADS C:\ProgramData\Temp:0EC7A545 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: c0dem4n
    ->Temp folder emptied: 36864 bytes
    ->Temporary Internet Files folder emptied: 693475722 bytes
    ->Java cache emptied: 10181580 bytes
    ->FireFox cache emptied: 70079366 bytes
    ->Google Chrome cache emptied: 6949083 bytes
    ->Flash cache emptied: 32674 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 155648 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 266651 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 81129043 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 822.00 mb


    [EMPTYJAVA]

    User: All Users

    User: c0dem4n
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: c0dem4n
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.0 log created on 06272012_122903
    Files\Folders moved on Reboot...
    C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7ONWN0A\billboard[1].htm moved successfully.
    C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7ONWN0A\billboard[2].htm moved successfully.
    C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    File C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7ONWN0A\billboard[1].htm not found!
    File C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7ONWN0A\billboard[2].htm not found!
    File C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
    [2009/10/07 01:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
    [2009/10/07 01:46:36 | 000,131,608 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj02.dll : Unable to obtain MD5
    Registry entries deleted on Reboot...
     
  17. StratAtk01

    StratAtk01 TS Rookie Topic Starter

    SecurityCheck results ::

    Results of screen317's Security Check version 0.99.24
    Windows Vista x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 26
    Out of date Java installed!
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
     
  18. StratAtk01

    StratAtk01 TS Rookie Topic Starter

    FSS scan results ::

    Farbar Service Scanner Version: 25-06-2012 01
    Ran by c0dem4n (administrator) on 27-06-2012 at 12:49:35
    Running from "C:\Users\c0dem4n\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll
    [2008-01-20 21:49] - [2008-01-20 21:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcsvc.dll
    [2009-09-23 22:46] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 17:15] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-11 20:24] - [2012-03-30 07:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A
    C:\Windows\System32\dnsrslvr.dll
    [2011-04-16 09:59] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
    C:\Windows\System32\mpssvc.dll
    [2009-09-23 22:46] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
    C:\Windows\System32\bfe.dll
    [2009-09-23 22:46] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2008-01-20 21:47] - [2008-01-20 21:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018
    C:\Windows\System32\vssvc.exe
    [2009-09-23 22:46] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
    C:\Windows\System32\wscsvc.dll
    [2009-09-23 22:46] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
    C:\Windows\System32\wbem\WMIsvc.dll
    [2009-09-23 22:46] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll
    [2009-09-23 22:46] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
    C:\Windows\System32\es.dll
    [2009-09-23 22:46] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
    C:\Windows\System32\cryptsvc.dll
    [2012-06-12 16:30] - [2012-04-23 11:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31
    C:\Program Files\Windows Defender\MpSvc.dll
    [2008-01-20 21:47] - [2008-01-20 21:47] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-09-23 22:46] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

    **** End of log ****
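    The Windows Defender section of the FSS log above reports three things worth re-checking by hand: the WinDefend service is stopped with its start type set to Demand (Manual) instead of the default Auto, the ImagePath and ServiceDll still point where they should, and HKLM\SOFTWARE\Microsoft\Windows Defender carries DisableAntiSpyware=1. The Security Check log in the previous post also says the WMI entry for an antivirus may be missing. The script below is an added example, not part of this thread and not code from Farbar Service Scanner or screen317's tool; it performs the same checks with built-in PowerShell cmdlets so a reader can verify them on their own machine from an elevated prompt. The expected defaults it assumes (start type Auto, a ServiceDll ending in MpSvc.dll) are labelled as assumptions in the code.

    ```powershell
    # Added example (not from the thread, not Farbar Service Scanner code).
    # Re-checks the Windows Defender items FSS reported on this Vista x64 machine.
    # Assumptions: default WinDefend start type is Auto; ServiceDll ends in MpSvc.dll.
    # Run from an elevated PowerShell prompt (PowerShell 2.0 or later).

    function Test-DefenderConfig {
        $findings = @()

        # --- Service state and start type ---
        $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            $findings += 'WinDefend service is not installed'
        } else {
            if ($svc.Status -ne 'Running') {
                $findings += "WinDefend service is $($svc.Status), not Running"
            }
            # Win32_Service.StartMode is Auto / Manual / Disabled; FSS reports Manual as "Demand".
            $wmiSvc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
            if ($wmiSvc -and $wmiSvc.StartMode -ne 'Auto') {
                $findings += "WinDefend start type is $($wmiSvc.StartMode); assumed default is Auto"
            }

            # --- ImagePath / ServiceDll, the two values FSS checks ---
            $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'
            $imagePath  = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ImagePath
            $serviceDll = (Get-ItemProperty -Path "$svcKey\Parameters" -ErrorAction SilentlyContinue).ServiceDll
            if (-not $imagePath) {
                $findings += 'WinDefend ImagePath is missing'
            }
            if ($serviceDll -notmatch '\\MpSvc\.dll$') {
                $findings += "WinDefend ServiceDll is '$serviceDll' (assumed to end in MpSvc.dll)"
            }
        }

        # --- Policy values that switch Defender off regardless of service state ---
        # FSS showed the first key with DisableAntiSpyware=1; the Policies key is the GPO location.
        $policyKeys = 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                      'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
        foreach ($polKey in $policyKeys) {
            $pol = Get-ItemProperty -Path $polKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
            if ($pol -and $pol.DisableAntiSpyware -eq 1) {
                $findings += "DisableAntiSpyware=1 under $polKey"
            }
        }

        # --- Security Center registration (the "WMI entry may not exist" line in Security Check) ---
        # Vista and later register products in root\SecurityCenter2; XP used root\SecurityCenter.
        $av = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
        if (-not $av) {
            $findings += 'No AntiVirusProduct registered in root\SecurityCenter2'
        } else {
            foreach ($p in $av) {
                # productState is a bit field; it is reported raw here rather than decoded.
                $findings += ('Registered AV: {0} (productState 0x{1:X})' -f $p.displayName, $p.productState)
            }
        }

        return $findings
    }

    $result = Test-DefenderConfig
    if ($result.Count -eq 0) { 'No Windows Defender configuration issues found' } else { $result }
    ```

    Two caveats when reading the output. A registered antivirus entry is informational, not a finding, so it always appears in the list. And on Vista and Windows 7, installing Microsoft Security Essentials turns the built-in Windows Defender off, so a DisableAntiSpyware=1 result next to a running msseces.exe (as the Security Check log above shows) is the expected state for that combination rather than malware tampering; the finding only matters when no replacement antivirus is present.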
     
  19. StratAtk01

    StratAtk01 TS Rookie Topic Starter

    ESET log results ::

    C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files (x86)\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Users\c0dem4n\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe a variant of Win32/RegistryBooster application deleted - quarantined
    C:\Users\c0dem4n\Documents\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
     
  20. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right-click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==========================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  21. StratAtk01

    StratAtk01 TS Rookie Topic Starter

    OTL results ::

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: c0dem4n
    ->Temp folder emptied: 589668 bytes
    ->Temporary Internet Files folder emptied: 14522823 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 247741 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: All Users

    User: c0dem4n
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: c0dem4n
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.0 log created on 06272012_180304
    Files\Folders moved on Reboot...
    C:\Users\c0dem4n\AppData\Local\Temp\Low\REGAC4B.tmp moved successfully.
    C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MA9S0987\bizo_multi[1].htm moved successfully.
    C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MA9S0987\partner[1].htm moved successfully.
    C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MA9S0987\partner[2].htm moved successfully.
    C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I2Y5WTRX\andes_c[1].htm moved successfully.
    C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    File C:\Users\c0dem4n\AppData\Local\Temp\Low\REGAC4B.tmp not found!
    File C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MA9S0987\bizo_multi[1].htm not found!
    File C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MA9S0987\partner[1].htm not found!
    File C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MA9S0987\partner[2].htm not found!
    File C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I2Y5WTRX\andes_c[1].htm not found!
    File C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File C:\Users\c0dem4n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
    [2009/10/07 01:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
    [2009/10/07 01:46:36 | 000,131,608 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj02.dll : Unable to obtain MD5
    Registry entries deleted on Reboot...
     
  22. StratAtk01

    StratAtk01 TS Rookie Topic Starter

    Wow, could not be happier right now. Computer is doing great, just running all the security scans before I continue with regular use. Thanks so much!!!
     
  23. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Yes!!
    Good luck and stay safe :)
     
