TechSpot

Sirefef.Y Infection

By Terry Ramsey
Jul 3, 2012
    Hello. My computer became infected on the weekend with Sirefef.Y and is suffering from constant reboots 1 minute after startup, even in Safe Mode. Microsoft Security Essentials reported the infection in the C:\Windows\System32\services.exe file, but is unable to do anything before the reboot occurs.

    I used Farbar Recovery Scan Tool 64-bit to scan my Windows 7 Pro install. Here is the result of that scan. Thanks in advance for any assistance you can provide.


    Scan result of Farbar Recovery Scan Tool Version: 03-07-2012 01
    Ran by SYSTEM at 03-07-2012 23:52:38
    Running from K:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet002
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12681320 2011-08-26] (Realtek Semiconductor)
    HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [6868280 2012-05-21] (Logitech Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [390720 2011-02-01] (Acronis)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281240 2012-06-12] (Microsoft Corporation)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5550984 2011-09-22] (Acronis)
    HKLM-x32\...\Run: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe" [1993216 2011-08-18] (SteelSeries)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
    HKLM-x32\...\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [938680 2012-04-17] (iolo technologies, LLC)
    HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKU\Mcx1-ZOMBIE\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
    HKU\Terry\...\Run: [DCD5A9DEF340132AE028E0C7EC112B0A9A533117._service_run] "C:\Users\Terry\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service [1239576 2012-06-07] (Google Inc.)
    HKU\Terry\...\Run: [Google Update] "C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-27] (Google Inc.)
    HKU\Terry\...\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [4480456 2012-05-31] (Binary Fortress Software)
    Winlogon\Notify\WB:
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Startup: C:\Users\Terry\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    ==================== Services (Whitelisted) ======
    2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1112240 2011-02-01] (Acronis)
    2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-11-01] (Acronis)
    2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
    2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [1047336 2012-04-17] (iolo technologies, LLC)
    2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [519848 2012-06-20] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22024 2012-06-12] (Microsoft Corporation)
    2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [58345832 2011-09-22] (Microsoft Corporation)
    4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    2 PDAgent; "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe" [2610952 2011-03-15] (Raxco Software, Inc.)
    3 PDEngine; "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe" [2266376 2011-03-15] (Raxco Software, Inc.)
    4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [431464 2011-09-22] (Microsoft Corporation)
    3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
    2 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
    3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)
    ========================== Drivers (Whitelisted) =============
    3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [285280 2011-11-01] (Acronis)
    1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
    3 mbamchameleon; C:\Windows\System32\Drivers\mbamchameleon.sys [29808 2012-05-14] ()
    0 snapman; C:\Windows\System32\Drivers\snapman.sys [277088 2011-11-01] (Acronis)
    3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-11-22] (Sagatek Co. Ltd.)
    0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [1263200 2011-11-01] (Acronis)
    0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [970336 2011-11-01] (Acronis)
    3 ALSysIO; \??\C:\Users\Terry\AppData\Local\Temp\ALSysIO64.sys [x]
    3 cpuz130; \??\C:\Users\Terry\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-07-01 03:24 - 2012-07-01 03:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B92342094B39691
    2012-07-01 03:21 - 2012-07-01 03:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F71791E6ADEA137E
    2012-07-01 03:18 - 2012-07-01 03:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B08B0339D2F11D5D
    2012-07-01 03:15 - 2012-07-01 03:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.041812FB36CB7781
    2012-07-01 03:12 - 2012-07-01 03:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F18242F2631952A
    2012-07-01 03:09 - 2012-07-01 03:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D670B6C8846630E
    2012-07-01 03:06 - 2012-07-01 03:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DAFD3F03A41E7183
    2012-07-01 03:06 - 2012-07-01 03:06 - 00001272 ____A C:\Users\Terry\Desktop\shutdown.lnk
    2012-07-01 02:58 - 2012-07-01 02:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC62FC97DFA59B3F
    2012-06-30 19:32 - 2012-06-30 19:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8BA2AF81B98BC5B0
    2012-06-30 19:29 - 2012-06-30 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EB37322D34C32672
    2012-06-30 19:22 - 2012-06-30 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ECF47747A84213B6
    2012-06-30 18:22 - 2012-06-30 18:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B3B255BEFD6BEBE0
    2012-06-30 18:16 - 2012-06-30 18:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4C5332E139D0F0A3
    2012-06-30 18:11 - 2012-06-30 18:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D67820F321D98719
    2012-06-30 18:05 - 2012-06-30 18:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C56C36903F0B5EAD
    2012-06-30 18:00 - 2012-06-30 18:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-30 18:00 - 2012-06-30 18:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-30 17:57 - 2012-06-30 17:57 - 13123288 ____A (Microsoft Corporation) C:\Users\Terry\Downloads\mse_x64_prerelease_install.exe
    2012-06-30 17:47 - 2012-06-30 17:47 - 00000000 ____D C:\Users\Terry\AppData\Local\{B3D7BE25-3E4D-4078-9912-6E3CB803BE84}
    2012-06-30 17:47 - 2012-06-30 17:47 - 00000000 ____D C:\Users\Terry\AppData\Local\{774629D3-6A3A-4C4E-8D1B-8B122E2D57CE}
    2012-06-29 14:15 - 2012-06-29 14:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-29 06:11 - 2012-06-29 06:11 - 00000000 ____D C:\Users\Terry\AppData\Local\{C33E6D85-481A-4F89-A854-C46C94037CF5}
    2012-06-29 06:11 - 2012-06-29 06:11 - 00000000 ____D C:\Users\Terry\AppData\Local\{6EFFB769-92C9-4B4E-8DA7-457E2D32EBBA}
    2012-06-28 19:30 - 2012-06-28 19:30 - 00000032 ____A C:\Users\Terry\Documents\new music.txt
    2012-06-28 17:49 - 2012-06-28 17:49 - 00000000 ____D C:\Users\Terry\AppData\Local\{45122428-7B84-4F2E-89E4-BB30DACD0492}
    2012-06-28 17:48 - 2012-06-28 17:49 - 00000000 ____D C:\Users\Terry\AppData\Local\{ED30F8BB-605C-48D2-BF1A-DF27568742EE}
    2012-06-27 19:10 - 2012-06-27 19:10 - 00001624 ____A C:\Users\Terry\Desktop\Widescreen Desktops - Shortcut.lnk
    2012-06-26 11:43 - 2012-06-26 11:43 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-06-26 11:38 - 2012-06-26 11:39 - 39483256 ____A (Apple Inc.) C:\Users\Terry\Downloads\QuickTimeInstaller.exe
    2012-06-25 14:08 - 2012-06-25 14:08 - 00000000 ____D C:\Users\Terry\AppData\Local\{B0AAA51F-BD9D-46E5-890F-78173ADF8145}
    2012-06-25 14:07 - 2012-06-25 14:07 - 00000000 ____D C:\Users\Terry\AppData\Local\{45F795ED-DA92-4B9A-AFD7-B0C179D80C5E}
    2012-06-24 11:13 - 2012-06-24 11:13 - 01578684 ____A C:\Users\Terry\Downloads\race inc.rpy
    2012-06-23 07:23 - 2012-06-23 07:24 - 00000000 ____D C:\Users\Terry\AppData\Local\{1E2E311D-F0AB-45F6-8E68-8E7801C67BD5}
    2012-06-23 07:23 - 2012-06-23 07:23 - 00000000 ____D C:\Users\Terry\AppData\Local\{BF3BE502-F00A-4BAF-965C-12C6AEA4DC8F}
    2012-06-22 02:25 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-22 02:25 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-22 02:25 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-22 02:25 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-22 02:25 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-22 02:25 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-22 02:25 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-22 02:25 - 2012-06-02 10:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-22 02:25 - 2012-06-02 10:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 19:06 - 2012-06-21 19:06 - 130832904 ____A (Lightworks) C:\Users\Terry\Downloads\setup_v11_full.exe
    2012-06-21 18:12 - 2012-06-21 18:12 - 00000000 ____D C:\Users\Terry\AppData\Local\{D04FC8E9-D119-4785-9D43-6FF48014BABF}
    2012-06-21 06:12 - 2012-06-21 06:12 - 00000000 ____D C:\Users\Terry\AppData\Local\{942D43A2-07A5-45B7-B363-286B4D3A4663}
    2012-06-21 06:11 - 2012-06-21 06:12 - 00000000 ____D C:\Users\Terry\AppData\Local\{7D799D8F-B88E-44DF-9954-E7DD9DF02BFC}
    2012-06-20 19:02 - 2012-06-20 19:02 - 02688920 ____A C:\Users\Terry\Downloads\GyroscopicTrackIRView.zip
    2012-06-20 19:02 - 2012-06-20 19:02 - 00007351 ____A C:\Users\Terry\Downloads\Motion_Cockpit_View.ini
    2012-06-20 08:49 - 2012-06-29 05:16 - 00000127 ____A C:\Users\Terry\Documents\default.html
    2012-06-20 06:38 - 2012-06-20 06:38 - 00000000 ____D C:\Users\Terry\AppData\Local\{A76E65F2-C3B0-4023-AA5C-DD3606AD526A}
    2012-06-20 06:38 - 2012-06-20 06:38 - 00000000 ____D C:\Users\Terry\AppData\Local\{2B771B38-7954-4382-B4E2-4C6500560177}
    2012-06-20 05:58 - 2012-06-20 05:58 - 08135064 ____A C:\Users\Terry\Downloads\iSpeed3.3.0.0.exe
    2012-06-20 05:55 - 2012-06-20 05:57 - 00001093 ____A C:\Users\Terry\Desktop\GearSound.lnk
    2012-06-20 05:52 - 2012-06-20 05:58 - 00000000 ____D C:\Program Files (x86)\GearSound
    2012-06-20 05:50 - 2012-06-20 05:49 - 00027324 ____A C:\Users\Terry\Downloads\GearSound.rar
    2012-06-18 16:45 - 2012-06-18 16:45 - 00000000 ____D C:\Users\Terry\Documents\Office 2010
    2012-06-18 15:46 - 2012-06-18 15:46 - 00000000 ____D C:\Users\Terry\AppData\Local\{E02661B5-53F4-4EF5-B1A1-119F994CD483}
    2012-06-14 18:46 - 2012-06-14 18:47 - 00000000 ____D C:\Users\Terry\AppData\Local\{FFAE15D8-B6B3-489F-B06E-BCC12CCFD64E}
    2012-06-12 16:19 - 2012-06-12 16:19 - 00000000 ____D C:\Users\Terry\AppData\Local\{5088EB43-F787-4C19-9F7F-A13B76F911BF}
    2012-06-12 16:19 - 2012-06-12 16:19 - 00000000 ____D C:\Users\Terry\AppData\Local\{1C00728F-87C0-46E3-9C6F-787F7BD99EA4}
    2012-06-12 16:19 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-12 16:19 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-12 16:19 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-12 16:19 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-12 16:19 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-12 16:19 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-12 16:19 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-12 16:19 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-12 16:19 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-12 16:19 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-12 16:19 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-12 16:19 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-12 16:19 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-12 16:19 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-12 16:19 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-12 16:19 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-12 16:19 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-12 16:19 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-12 16:19 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-12 16:19 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-12 16:19 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-12 16:19 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-12 16:19 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-12 16:19 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-12 16:19 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-12 16:19 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-12 16:19 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-12 16:19 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-12 16:19 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-06-12 16:19 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-06-12 14:57 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 14:57 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 14:57 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 14:57 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 14:57 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-12 14:57 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-12 14:57 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 14:57 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 14:57 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 14:57 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-12 14:57 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-12 14:57 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-12 14:57 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-12 14:57 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-12 14:57 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-12 14:57 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-12 14:57 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-11 12:40 - 2012-06-11 12:40 - 00000000 ____D C:\Users\Terry\AppData\Local\{E8861517-5030-43B5-91E4-0693645BD47F}
    2012-06-11 12:40 - 2012-06-11 12:40 - 00000000 ____D C:\Users\Terry\AppData\Local\{47708FEC-68D2-4BCA-ABC7-18D88FF24FF7}
    2012-06-10 18:03 - 2012-06-10 18:03 - 00000000 ____D C:\Users\Terry\AppData\Local\{3E55C930-6F44-4067-AAB1-8A32017AEAD8}
    2012-06-10 18:03 - 2012-06-10 18:03 - 00000000 ____D C:\Users\Terry\AppData\Local\{3DDF850F-DF5A-48D4-B08C-F3A9F0833CE5}
    2012-06-07 17:38 - 2012-06-07 17:38 - 00000000 ____D C:\Users\Terry\AppData\Local\{A5E96585-3C46-4124-996F-982FC396E50E}
    2012-06-07 17:38 - 2012-06-07 17:38 - 00000000 ____D C:\Users\Terry\AppData\Local\{805BE2A2-3323-4ABC-B719-23A5D55523FB}
    2012-06-06 16:53 - 2012-06-06 16:54 - 00000000 ____D C:\Users\Terry\AppData\Local\{E7CE6FE7-DBD2-4D9B-9EB0-EB1B1BB41165}
    2012-06-06 16:53 - 2012-06-06 16:53 - 00000000 ____D C:\Users\Terry\AppData\Local\{399445E1-7756-42F1-94EE-C21E1A0F1E62}
    2012-06-05 02:29 - 2012-06-05 02:29 - 00227688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-06-05 02:29 - 2012-06-05 02:29 - 00117464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-06-04 19:13 - 2012-06-04 19:13 - 00000000 ____D C:\Users\Terry\AppData\Local\{302CB654-AE4F-43E0-B161-40F15DF42026}
    2012-06-04 19:12 - 2012-06-04 19:12 - 00000000 ____D C:\Users\Terry\AppData\Local\{D1266BCD-CA2A-43E0-BA4E-492FF43233D3}

    ============ 3 Months Modified Files ========================
    2012-07-03 18:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-03 18:46 - 2009-07-13 20:51 - 00013614 ____A C:\Windows\setupact.log
    2012-07-03 18:45 - 2012-04-22 05:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-01 22:12 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-01 03:24 - 2012-07-01 03:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B92342094B39691
    2012-07-01 03:21 - 2012-07-01 03:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F71791E6ADEA137E
    2012-07-01 03:18 - 2012-07-01 03:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B08B0339D2F11D5D
    2012-07-01 03:16 - 2011-09-27 17:54 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069959320-3649819413-638127054-1001UA.job
    2012-07-01 03:15 - 2012-07-01 03:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.041812FB36CB7781
    2012-07-01 03:12 - 2012-07-01 03:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F18242F2631952A
    2012-07-01 03:09 - 2012-07-01 03:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D670B6C8846630E
    2012-07-01 03:06 - 2012-07-01 03:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DAFD3F03A41E7183
    2012-07-01 03:06 - 2012-07-01 03:06 - 00001272 ____A C:\Users\Terry\Desktop\shutdown.lnk
    2012-07-01 02:58 - 2012-07-01 02:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC62FC97DFA59B3F
    2012-06-30 19:32 - 2012-06-30 19:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8BA2AF81B98BC5B0
    2012-06-30 19:29 - 2012-06-30 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EB37322D34C32672
    2012-06-30 19:22 - 2012-06-30 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ECF47747A84213B6
    2012-06-30 19:21 - 2011-09-27 17:41 - 00046140 ____A C:\Windows\PFRO.log
    2012-06-30 18:22 - 2012-06-30 18:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B3B255BEFD6BEBE0
    2012-06-30 18:16 - 2012-06-30 18:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4C5332E139D0F0A3
    2012-06-30 18:11 - 2012-06-30 18:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D67820F321D98719
    2012-06-30 18:05 - 2012-06-30 18:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C56C36903F0B5EAD
    2012-06-30 18:01 - 2011-09-27 17:39 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-30 18:01 - 2011-09-27 17:05 - 01208275 ____A C:\Windows\WindowsUpdate.log
    2012-06-30 18:01 - 2009-07-13 20:45 - 00014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-30 18:01 - 2009-07-13 20:45 - 00014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-30 17:57 - 2012-06-30 17:57 - 13123288 ____A (Microsoft Corporation) C:\Users\Terry\Downloads\mse_x64_prerelease_install.exe
    2012-06-30 17:54 - 2011-10-15 14:16 - 00000362 _RASH C:\Users\All Users\ntuser.pol
    2012-06-29 14:12 - 2012-04-22 05:36 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-29 14:12 - 2011-10-06 15:04 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-29 12:16 - 2011-09-27 17:54 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069959320-3649819413-638127054-1001Core.job
    2012-06-29 06:09 - 2009-07-13 21:13 - 00872406 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-29 05:16 - 2012-06-20 08:49 - 00000127 ____A C:\Users\Terry\Documents\default.html
    2012-06-28 19:30 - 2012-06-28 19:30 - 00000032 ____A C:\Users\Terry\Documents\new music.txt
    2012-06-27 19:10 - 2012-06-27 19:10 - 00001624 ____A C:\Users\Terry\Desktop\Widescreen Desktops - Shortcut.lnk
    2012-06-26 11:39 - 2012-06-26 11:38 - 39483256 ____A (Apple Inc.) C:\Users\Terry\Downloads\QuickTimeInstaller.exe
    2012-06-25 09:57 - 2009-07-13 20:45 - 04968720 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-24 11:13 - 2012-06-24 11:13 - 01578684 ____A C:\Users\Terry\Downloads\race inc.rpy
    2012-06-21 19:06 - 2012-06-21 19:06 - 130832904 ____A (Lightworks) C:\Users\Terry\Downloads\setup_v11_full.exe
    2012-06-20 19:02 - 2012-06-20 19:02 - 02688920 ____A C:\Users\Terry\Downloads\GyroscopicTrackIRView.zip
    2012-06-20 19:02 - 2012-06-20 19:02 - 00007351 ____A C:\Users\Terry\Downloads\Motion_Cockpit_View.ini
    2012-06-20 05:58 - 2012-06-20 05:58 - 08135064 ____A C:\Users\Terry\Downloads\iSpeed3.3.0.0.exe
    2012-06-20 05:57 - 2012-06-20 05:55 - 00001093 ____A C:\Users\Terry\Desktop\GearSound.lnk
    2012-06-20 05:49 - 2012-06-20 05:50 - 00027324 ____A C:\Users\Terry\Downloads\GearSound.rar
    2012-06-12 16:23 - 2011-09-27 18:14 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-05 02:29 - 2012-06-05 02:29 - 00227688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-06-05 02:29 - 2012-06-05 02:29 - 00117464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-06-02 14:19 - 2012-06-22 02:25 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 02:25 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 02:25 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 02:25 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 02:25 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-22 02:25 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-22 02:25 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 10:19 - 2012-06-22 02:25 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 10:15 - 2012-06-22 02:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 10:44 - 2012-06-01 10:14 - 3515703296 ____A C:\Users\Terry\Downloads\Windows8-ReleasePreview-64bit-English.iso
    2012-06-01 10:14 - 2012-06-01 10:13 - 05350616 ____A (Microsoft Corporation) C:\Users\Terry\Downloads\Windows8-ReleasePreview-UpgradeAssistant.exe
    2012-05-30 06:23 - 2012-05-30 06:23 - 38561640 ____A (Google Inc.) C:\Users\Terry\Downloads\GoogleSketchUpWEN.exe
    2012-05-24 09:45 - 2012-05-24 09:45 - 109597495 ____A C:\Users\Terry\Downloads\23 and 12 hours What is the single best thing we can do for our health.mp4
    2012-05-24 03:11 - 2012-05-24 03:11 - 00001597 ____A C:\Users\Terry\Desktop\BingDesktop - Shortcut.lnk
    2012-05-23 14:32 - 2012-05-23 14:33 - 00309068 ____A C:\Users\Terry\Downloads\leafygreen.potx
    2012-05-22 18:41 - 2012-05-22 18:41 - 01004561 ____A C:\Users\Terry\Downloads\puzzle-swatch.ai.zip
    2012-05-22 13:47 - 2012-05-22 13:39 - 735358976 ____A C:\Users\Terry\Downloads\ubuntu-12.04-desktop-i386.iso
    2012-05-22 12:35 - 2012-05-22 12:32 - 168454136 ____A (NVIDIA Corporation) C:\Users\Terry\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
    2012-05-17 19:24 - 2012-05-17 19:24 - 04932517 ____A C:\Users\Terry\Downloads\dir645_manual_100.zip
    2012-05-17 18:47 - 2012-06-12 16:19 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-12 16:19 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-12 16:19 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-12 16:19 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-12 16:19 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-12 16:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-12 16:19 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-12 16:19 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-12 16:19 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-12 16:19 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-12 16:19 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-12 16:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-12 16:19 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-12 16:19 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-12 16:19 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-12 16:19 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-12 16:19 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-12 16:19 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-12 16:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-12 16:19 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-12 16:19 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-12 16:19 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-12 16:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-12 16:19 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-12 16:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-12 16:19 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-12 16:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-12 16:19 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-17 03:40 - 2011-09-27 17:39 - 00889500 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-05-16 18:42 - 2012-05-16 17:38 - 2048196608 ____A C:\Users\Terry\Downloads\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso
    2012-05-15 02:48 - 2012-05-22 12:44 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 02:48 - 2012-05-22 12:44 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 02:48 - 2012-05-22 12:44 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 02:48 - 2012-05-22 12:44 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 02:48 - 2012-05-22 12:44 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 02:48 - 2012-05-22 12:44 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 02:48 - 2012-05-22 12:44 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 02:48 - 2012-05-22 12:44 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 02:48 - 2012-05-22 12:44 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 02:48 - 2012-05-22 12:44 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 02:48 - 2012-05-22 12:44 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 02:48 - 2012-05-22 12:44 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 02:48 - 2012-05-22 12:44 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 02:48 - 2012-03-13 19:02 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 02:48 - 2012-03-13 19:02 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-05-15 02:48 - 2011-10-30 06:26 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 02:48 - 2011-10-30 06:26 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 02:48 - 2011-10-30 06:26 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 02:48 - 2011-10-30 06:26 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 02:48 - 2011-05-21 01:01 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 02:48 - 2011-05-21 01:01 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 02:48 - 2009-07-13 13:59 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 01:29 - 2011-09-27 18:09 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 01:29 - 2011-09-27 18:09 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 01:29 - 2011-09-27 18:09 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 01:29 - 2011-09-27 18:09 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 01:28 - 2011-09-27 18:09 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-14 21:21 - 2012-05-14 21:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
    2012-05-14 19:34 - 2012-05-14 19:34 - 00654920 ____A C:\Users\Terry\Downloads\mtinst.exe
    2012-05-14 19:09 - 2012-05-14 19:09 - 07331459 ____A (Blizzard Entertainment) C:\Users\Terry\Downloads\Diablo-III-Setup-enGB.exe
    2012-05-14 18:46 - 2012-05-14 18:43 - 12621696 ____A (Microsoft Corporation) C:\Users\Terry\Downloads\mseinstall.exe
    2012-05-14 18:29 - 2012-05-14 18:29 - 00029808 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
    2012-05-14 18:15 - 2012-05-14 18:15 - 00002560 ____A C:\Windows\_MSRSTRT.EXE
    2012-05-14 17:32 - 2012-06-12 14:57 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-12 13:23 - 2012-05-12 13:23 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dll
    2012-05-12 07:53 - 2012-05-12 07:53 - 03877872 ____A (AVG Technologies) C:\Users\Terry\Downloads\avg_free_stb_all_2012_2171_cnet.exe
    2012-05-06 11:45 - 2012-05-06 11:45 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-04 03:14 - 2012-05-04 03:14 - 05134840 ____A (Binary Fortress Software ) C:\Users\Terry\Downloads\DisplayFusionSetup-4.0.exe
    2012-05-04 03:06 - 2012-06-12 14:57 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 03:00 - 2012-06-12 16:19 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 02:03 - 2012-06-12 14:57 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 14:57 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 01:59 - 2012-06-12 16:19 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-05-03 05:42 - 2012-05-03 05:42 - 00396288 ____A () C:\Users\Terry\Downloads\Setup.exe
    2012-04-30 21:40 - 2012-06-12 14:57 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 18:05 - 2012-04-30 18:05 - 07336664 ____A (Blizzard Entertainment) C:\Users\Terry\Downloads\Diablo-III-8370-enGB-Installer-downloader.exe
    2012-04-27 19:55 - 2012-06-12 14:57 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-12 14:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 14:57 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 14:57 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 15:31 - 2012-04-25 15:31 - 02698752 ____A C:\Users\Terry\Downloads\Chronic_Neuropathic_Pain-Slides_Pierce-Smith.ppt
    2012-04-25 15:25 - 2012-04-25 15:25 - 01513472 ____A C:\Users\Terry\Downloads\AgrAbilityLivingwithChronicPain.ppt
    2012-04-23 21:37 - 2012-06-12 14:57 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-12 14:57 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-12 14:57 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-12 14:57 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-12 14:57 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-12 14:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-22 05:36 - 2012-04-22 05:36 - 00000406 ____A C:\Windows\System32\ioloBootDefrag.cfg
    2012-04-18 19:22 - 2012-04-18 19:22 - 00286720 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
    2012-04-18 19:22 - 2012-04-18 19:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
    2012-04-18 15:56 - 2012-04-18 15:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2012-04-18 15:56 - 2012-04-18 15:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2012-04-18 03:34 - 2011-11-22 07:21 - 00001072 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2012-04-18 03:32 - 2012-04-08 16:26 - 22259528 ____A C:\Users\Terry\Downloads\vlc-2.0.1-win32.exe
    2012-04-17 05:11 - 2012-03-15 12:29 - 00049152 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
    2012-04-17 05:11 - 2012-03-15 12:29 - 00017920 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
    2012-04-17 04:37 - 2012-04-21 02:18 - 02154032 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
    2012-04-17 04:37 - 2012-03-15 12:29 - 02095816 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
    2012-04-17 03:25 - 2012-03-15 12:30 - 00031432 ____A (EldoS Corporation) C:\Windows\System32\Drivers\ElRawDsk.sys
    2012-04-16 16:36 - 2011-09-27 17:21 - 00110728 ____A C:\Users\Terry\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-04-10 13:44 - 2009-07-13 18:34 - 00000531 ____A C:\Windows\win.ini
    2012-04-10 11:42 - 2012-04-10 11:42 - 01639789 ____A C:\Users\Terry\Downloads\winrar-x64-411.exe
    2012-04-10 11:41 - 2012-04-10 11:41 - 01669854 ____A C:\Users\Terry\Downloads\winrar-x64-411a.exe
    2012-04-07 11:34 - 2012-04-07 11:34 - 02031465 ____A C:\Users\Terry\Downloads\Mac OS X Tiger.wba
    2012-04-07 04:31 - 2012-06-12 14:57 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-12 14:57 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-05 06:53 - 2012-04-05 06:53 - 68404936 ____A C:\Users\Terry\Downloads\WindowBlinds7_public.exe
    ZeroAccess:
    C:\Windows\Installer\{4a0ce653-f62d-1574-556d-c223afaf8a7a}
    C:\Windows\Installer\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\@
    C:\Windows\Installer\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\L
    C:\Windows\Installer\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\U
    C:\Windows\Installer\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\U\00000001.@
    ZeroAccess:
    C:\Users\Terry\AppData\Local\{4a0ce653-f62d-1574-556d-c223afaf8a7a}
    C:\Users\Terry\AppData\Local\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\@
    C:\Users\Terry\AppData\Local\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\L
    C:\Users\Terry\AppData\Local\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe FCB084FA3DCB7449F3BAA13312A215B4 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 12%
    Total physical RAM: 6135.14 MB
    Available physical RAM: 5338.25 MB
    Total Pagefile: 6133.34 MB
    Available Pagefile: 5345.95 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: (System) (Fixed) (Total:750 GB) (Free:312.57 GB) NTFS
    2 Drive d: (Stuff) (Fixed) (Total:596.17 GB) (Free:424.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: () (Fixed) (Total:596.17 GB) (Free:577.26 GB) NTFS
    4 Drive f: (Media Backup) (Fixed) (Total:931.51 GB) (Free:320.5 GB) NTFS
    5 Drive g: (System Backup) (Fixed) (Total:1397.26 GB) (Free:69.62 GB) NTFS
    6 Drive I: (Media) (Fixed) (Total:1112.92 GB) (Free:514.42 GB) NTFS
    7 Drive j: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
    8 Drive k: () (Removable) (Total:0.49 GB) (Free:0.49 GB) FAT
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1863 GB 1024 KB
    Disk 1 Online 596 GB 3072 KB
    Disk 2 Online 596 GB 3072 KB
    Disk 3 Online 931 GB 0 B
    Disk 4 Online 1397 GB 0 B
    Disk 5 Online 499 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 750 GB 101 MB
    Partition 3 Primary 1112 GB 750 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C System NTFS Partition 750 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 I Media NTFS Partition 1112 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 596 GB 1024 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D Stuff NTFS Partition 596 GB Healthy
    ==================================================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 596 GB 1024 KB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 E NTFS Partition 596 GB Healthy
    ==================================================================================
    Partitions of Disk 3:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB
    ==================================================================================
    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 F Media Backu NTFS Partition 931 GB Healthy
    ==================================================================================
    Partitions of Disk 4:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1397 GB 1024 KB
    ==================================================================================
    Disk: 4
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 G System Back NTFS Partition 1397 GB Healthy
    ==================================================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 499 MB 16 KB
    ==================================================================================
    Disk: 5
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K FAT Removable 499 MB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-06-28 09:55
    ======================= End Of Log ==========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  3. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    Farbar Recovery Scan Tool Version: 03-07-2012 01
    Ran by SYSTEM at 2012-07-04 06:19:46
    Running from K:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-07-01 22:12] - 0328704 ____A (Microsoft Corporation) FCB084FA3DCB7449F3BAA13312A215B4
    ====== End Of Search ======
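    The two logs above show the same indicators twice: the FRST scan lists `{GUID}` directories under `C:\Windows\Installer` and the user's `AppData\Local` with the `@`, `L` and `U` entries ZeroAccess keeps, and the Search output shows `C:\Windows\System32\services.exe` with the same size as the pristine WinSxS copy but a different MD5 (the in-place patch Microsoft Security Essentials detected). The script below is an added example, not part of this thread or of FRST: it parses FRST-style log text and flags both conditions, using the lines from this page as constructed sample input. The record and function names are my own.

```python
"""Triage helper for FRST-style log text (added example, not part of the thread or of FRST).

It flags two things visible in the logs above:
  1. a live copy of a protected binary (e.g. System32\services.exe) whose MD5
     differs from the reference copy kept under WinSxS, and
  2. a {GUID} directory under Windows\Installer or a user's AppData\Local that
     contains the '@' and 'U' entries characteristic of ZeroAccess.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample input: the FRST "Search:" block from this thread.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-01 22:12] - 0328704 ____A (Microsoft Corporation) FCB084FA3DCB7449F3BAA13312A215B4
====== End Of Search ======
"""

# Constructed sample input: the ZeroAccess block from the FRST scan in this thread.
SAMPLE_SCAN = r"""
ZeroAccess:
C:\Windows\Installer\{4a0ce653-f62d-1574-556d-c223afaf8a7a}
C:\Windows\Installer\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\@
C:\Windows\Installer\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\L
C:\Windows\Installer\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\U
C:\Windows\Installer\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\U\00000001.@
ZeroAccess:
C:\Users\Terry\AppData\Local\{4a0ce653-f62d-1574-556d-c223afaf8a7a}
C:\Users\Terry\AppData\Local\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\@
C:\Users\Terry\AppData\Local\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\L
C:\Users\Terry\AppData\Local\{4a0ce653-f62d-1574-556d-c223afaf8a7a}\U
"""

PATH_LINE = re.compile(r"^[A-Za-z]:\\.+$")
# "[created] - [modified] - size attrs (company) MD5", as FRST prints it under each path.
DETAIL_LINE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# A {GUID} directory in one of the two locations ZeroAccess uses, with an optional child path.
GUID_DIR = re.compile(
    r"^(?P<base>[A-Za-z]:\\(?:Windows\\Installer|Users\\[^\\]+\\AppData\\Local)\\\{[0-9a-fA-F-]{36}\})"
    r"(?:\\(?P<child>.+))?$"
)


@dataclass
class FileRecord:
    path: str
    size: int
    modified: str
    company: str
    md5: str


@dataclass
class HashMismatch:
    path: str
    md5: str
    reference_md5: list = field(default_factory=list)
    same_size_as_reference: bool = False  # same size + different hash = patched in place


def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            pending = line
            continue
        m = DETAIL_LINE.match(line)
        if m and pending:
            records.append(FileRecord(pending, int(m["size"]), m["modified"],
                                      m["company"], m["md5"].upper()))
            pending = None
    return records


def find_mismatches(records):
    """Compare each non-WinSxS copy of a file against the WinSxS copies of the same name.
    Heuristic only: a serviced binary may legitimately differ from an older WinSxS
    version, so confirm with a known-good hash or the Authenticode signature."""
    by_name = defaultdict(list)
    for r in records:
        by_name[r.path.rsplit("\\", 1)[-1].lower()].append(r)
    findings = []
    for recs in by_name.values():
        reference = [r for r in recs if "\\winsxs\\" in r.path.lower()]
        if not reference:
            continue
        good = {r.md5 for r in reference}
        for r in recs:
            if r not in reference and r.md5 not in good:
                findings.append(HashMismatch(r.path, r.md5, sorted(good),
                                             any(r.size == ref.size for ref in reference)))
    return findings


def find_zeroaccess_dirs(text):
    """Return {GUID} directories whose direct children include '@' and 'U'."""
    children = {}
    for raw in text.splitlines():
        m = GUID_DIR.match(raw.strip())
        if not m:
            continue
        kids = children.setdefault(m["base"], set())
        if m["child"]:
            kids.add(m["child"].split("\\")[0])
    return [d for d, kids in children.items() if {"@", "U"} <= kids]


if __name__ == "__main__":
    for f in find_mismatches(parse_search(SAMPLE_SEARCH)):
        print(f"MD5 mismatch: {f.path} {f.md5} (reference {f.reference_md5}, "
              f"same size: {f.same_size_as_reference})")
    for d in find_zeroaccess_dirs(SAMPLE_SCAN):
        print(f"ZeroAccess-style directory: {d}")
```

    Run against the sample input it reports the System32 copy of services.exe as mismatched with the same size as the WinSxS reference, and both `{4a0ce653-...}` directories as ZeroAccess-style; the same functions can be fed a full FRST.txt or Search.txt. Because the infected binary here is the same size as the original and keeps the Microsoft company string, a size or name check alone would miss it, which is why the comparison is on the hash.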
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  5. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-07-2012 01
    Ran by SYSTEM at 2012-07-04 16:46:03 Run:1
    Running from K:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\System32\services.exe.3B92342094B39691 moved successfully.
    C:\Windows\System32\services.exe.F71791E6ADEA137E moved successfully.
    C:\Windows\System32\services.exe.B08B0339D2F11D5D moved successfully.
    C:\Windows\System32\services.exe.041812FB36CB7781 moved successfully.
    C:\Windows\System32\services.exe.1F18242F2631952A moved successfully.
    C:\Windows\System32\services.exe.6D670B6C8846630E moved successfully.
    C:\Windows\System32\services.exe.DAFD3F03A41E7183 moved successfully.
    C:\Windows\System32\services.exe.AC62FC97DFA59B3F moved successfully.
    C:\Windows\System32\services.exe.8BA2AF81B98BC5B0 moved successfully.
    C:\Windows\System32\services.exe.EB37322D34C32672 moved successfully.
    C:\Windows\System32\services.exe.ECF47747A84213B6 moved successfully.
    C:\Windows\System32\services.exe.B3B255BEFD6BEBE0 moved successfully.
    C:\Windows\System32\services.exe.4C5332E139D0F0A3 moved successfully.
    C:\Windows\System32\services.exe.D67820F321D98719 moved successfully.
    C:\Windows\System32\services.exe.C56C36903F0B5EAD moved successfully.
    C:\Windows\Installer\{4a0ce653-f62d-1574-556d-c223afaf8a7a} moved successfully.
    C:\Users\Terry\AppData\Local\{4a0ce653-f62d-1574-556d-c223afaf8a7a} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====


    ComboFix 12-07-04.04 - Terry 2012-07-04 17:00:30.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.3967 [GMT -3:00]
    Running from: c:\users\Terry\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials Prerelease *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials Prerelease *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-04 20:07 . 2012-07-04 20:07 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{805CD8DD-889E-4295-BC7E-CDDF334E39FE}\offreg.dll
    2012-07-04 20:05 . 2012-07-04 20:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-04 20:05 . 2012-07-04 20:05 -------- d-----w- c:\users\Mcx1-ZOMBIE\AppData\Local\temp
    2012-07-04 20:05 . 2012-07-04 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-04 07:52 . 2012-07-04 07:52 -------- d-----w- C:\FRST
    2012-07-02 23:12 . 2012-07-04 20:09 -------- d-----w- c:\users\Terry\AppData\Local\Temp
    2012-07-01 02:02 . 2012-06-18 06:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{805CD8DD-889E-4295-BC7E-CDDF334E39FE}\mpengine.dll
    2012-07-01 02:00 . 2012-07-01 02:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-01 02:00 . 2012-07-01 02:00 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-29 22:15 . 2012-06-29 22:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-26 19:43 . 2012-06-26 19:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-06-26 19:43 . 2012-06-26 19:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-06-26 19:43 . 2012-06-26 19:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-06-26 19:43 . 2012-06-26 19:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-06-26 19:43 . 2012-06-26 19:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-06-26 19:43 . 2012-06-26 19:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-06-26 19:43 . 2012-06-26 19:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-06-26 19:43 . 2012-06-26 19:43 -------- d-----w- c:\program files (x86)\QuickTime
    2012-06-22 10:25 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 10:25 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 10:25 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 10:25 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 10:25 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 10:25 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 10:25 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 10:25 . 2012-06-02 18:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 10:25 . 2012-06-02 18:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 13:52 . 2012-06-20 13:58 -------- d-----w- c:\program files (x86)\GearSound
    2012-06-12 22:57 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-05 10:29 . 2012-06-05 10:29 227688 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-06-05 10:29 . 2012-06-05 10:29 117464 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-29 22:12 . 2012-04-22 13:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-29 22:12 . 2011-10-06 23:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-21 12:05 . 2012-05-21 12:05 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
    2012-05-15 10:48 . 2012-05-22 20:44 8139072 ----a-w- c:\windows\system32\nvcuda.dll
    2012-05-15 10:48 . 2012-05-22 20:44 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2012-05-22 20:44 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-05-15 10:48 . 2012-05-22 20:44 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-22 20:44 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-22 20:44 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-22 20:44 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-05-15 10:48 . 2012-05-22 20:44 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-22 20:44 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 10:48 . 2012-05-22 20:44 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-05-15 10:48 . 2012-05-22 20:44 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-05-15 10:48 . 2012-05-22 20:44 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48 . 2012-05-22 20:44 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-05-15 10:48 . 2012-03-14 03:02 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2012-03-14 03:02 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2011-10-30 14:26 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-05-15 10:48 . 2011-10-30 14:26 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-05-15 10:48 . 2011-10-30 14:26 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2011-10-30 14:26 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2011-05-21 09:01 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 09:29 . 2011-09-28 02:09 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2011-09-28 02:09 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2011-09-28 02:09 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2011-09-28 02:09 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2011-09-28 02:09 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-15 05:21 . 2012-05-15 05:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-05-15 02:29 . 2012-05-15 02:29 29808 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2012-05-15 02:15 . 2012-05-15 02:15 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2012-05-12 21:23 . 2012-05-12 21:23 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
    2012-05-06 19:45 . 2012-05-06 19:45 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-19 03:22 . 2012-04-19 03:22 286720 ------w- c:\windows\Setup1.exe
    2012-04-19 03:22 . 2012-04-19 03:22 73216 ----a-w- c:\windows\ST6UNST.EXE
    2012-04-18 23:56 . 2012-04-18 23:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-18 23:56 . 2012-04-18 23:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-04-18 06:03 . 2012-05-12 22:50 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44D8FF3D-E9E3-4327-A75B-10CD99745B13}\mpengine.dll
    2012-04-17 13:11 . 2012-03-15 20:29 49152 ----a-w- c:\windows\system32\iolobtdfg.exe
    2012-04-17 13:11 . 2012-03-15 20:29 17920 ----a-w- c:\windows\system32\smrgdf.exe
    2012-04-17 12:37 . 2012-04-21 10:18 2154032 ----a-w- c:\windows\system32\Incinerator64.dll
    2012-04-17 12:37 . 2012-03-15 20:29 2095816 ----a-w- c:\windows\SysWow64\Incinerator32.dll
    2012-04-17 11:25 . 2012-03-15 20:30 31432 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12	94208	----a-w-	c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12	94208	----a-w-	c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12	94208	----a-w-	c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DCD5A9DEF340132AE028E0C7EC112B0A9A533117._service_run"="c:\users\Terry\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-06-07 1239576]
    "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-05-31 4480456]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5550984]
    "SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse"="c:\program files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe" [2011-08-18 1993216]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    .
    c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute	REG_MULTI_SZ	PDBoot.exe\0autocheck autochk *\0st\0???\0M\0Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\CommunityGroup\0ks???\0M\0Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\CommunityGroup\0oup\011CE-BFC1-08002BE10318}\0007\Ndi\p?????\0Ch??ks\0?\0b\0{0.0.0.00000000}.{d7a703bf-3986-4423-af0d-c0361ca7bcf4}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2}\0llati???\0b\0{0.0.0.00000000}.{3f962164-128a-4ff9-9d5a-c27916c261c1}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2}\0Contr???\0b\0{0.0.0.00000000}.{3f962164-128a-4ff9-9d5a-c27916c261c1}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2}\0oft.V???\0b\0{0.0.0.00000000}.{9b86b7ad-2748-47e8-a5de-c15242bc1ffa}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2}\0s\MSV???\0b\0{0.0.0.00000000}.{9b86b7ad-2748-47e8-a5de-c15242bc1ffa}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2}\0e\Cla???\0b\0{0.0.0.00000000}.{a2701142-c741-4c58-8afa-605113b1e214}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2}\0autocheck smrgdf c:\users\Terry\AppData\Roaming\iolo\\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages	REG_MULTI_SZ	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 257224]
    R3 ALSysIO;ALSysIO;c:\users\Terry\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 cpuz130;cpuz130;c:\users\Terry\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-11-18 16008]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-05-15 29808]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-06-05 117464]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-06-12 357976]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-11-01 1263200]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-17 31432]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-01 3246040]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
    S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 1047336]
    S2 iRacingService;iRacing.com Helper Service;c:\program files (x86)\iRacing\iRacingService.exe [2012-06-20 519848]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-11-01 285280]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-11-18 22408]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [2010-11-22 23040]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 22:12]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069959320-3649819413-638127054-1001Core.job
    - c:\users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 01:54]
    .
    2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069959320-3649819413-638127054-1001UA.job
    - c:\users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 01:54]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12	97792	----a-w-	c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12	97792	----a-w-	c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12	97792	----a-w-	c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12	97792	----a-w-	c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-06-12 1281240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-04 17:11:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-04 20:11
    .
    Pre-Run: 335,427,850,240 bytes free
    Post-Run: 335,317,282,816 bytes free
    .
    - - End Of File - - BD0ACFCE30D1964F01C992E13F378C92
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Looks good :)

    Any current issues?

    ===================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    Well, no observed issues currently. Here is the MBAM log.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.04.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Terry :: ZOMBIE [administrator]

    2012-07-04 8:32:30 PM
    mbam-log-2012-07-04 (20-32-30).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 250130
    Time elapsed: 3 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  8. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    OTL Log

    OTL logfile created on: 2012-07-04 9:02:46 PM - Run 2
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Terry\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    5.99 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.19% Memory free
    11.98 Gb Paging File | 9.99 Gb Available in Paging File | 83.39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 750.00 Gb Total Space | 312.23 Gb Free Space | 41.63% Space Free | Partition Type: NTFS
    Drive D: | 1112.92 Gb Total Space | 514.42 Gb Free Space | 46.22% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 320.50 Gb Free Space | 34.41% Space Free | Partition Type: NTFS
    Drive F: | 1397.26 Gb Total Space | 69.62 Gb Free Space | 4.98% Space Free | Partition Type: NTFS
    Drive G: | 596.17 Gb Total Space | 424.41 Gb Free Space | 71.19% Space Free | Partition Type: NTFS
    Drive H: | 596.17 Gb Total Space | 575.20 Gb Free Space | 96.48% Space Free | Partition Type: NTFS
    Drive I: | 499.34 Mb Total Space | 493.34 Mb Free Space | 98.80% Space Free | Partition Type: FAT
    Drive N: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ZOMBIE | User Name: Terry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-07-04 20:39:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Downloads\OTL.exe
    PRC - [2012-06-20 14:09:52 | 000,519,848 | R--- | M] (iRacing.com Motorsport Simulations, LLC
    Bedford, MA 01730) -- C:\Program Files (x86)\iRacing\iRacingService.exe
    PRC - [2012-05-31 11:37:24 | 000,550,872 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
    PRC - [2012-05-24 15:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012-05-21 12:10:04 | 000,661,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
    PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012-04-17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2012-03-30 14:41:46 | 001,858,152 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
    PRC - [2012-03-30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    PRC - [2012-01-03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011-11-01 09:11:12 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2011-09-22 20:29:54 | 005,550,984 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2011-08-19 12:11:26 | 002,548,224 | ---- | M] (SteelSeries) -- C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
    PRC - [2011-08-18 12:36:54 | 001,993,216 | ---- | M] (SteelSeries) -- C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
    PRC - [2011-02-01 19:53:32 | 000,390,720 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-06-13 08:21:20 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012-06-13 08:21:16 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012-05-11 00:23:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012-05-11 00:23:40 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011-09-27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011-09-27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012-06-12 15:16:00 | 000,357,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012-06-12 15:16:00 | 000,022,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011-08-05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011-08-05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011-08-05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2011-03-15 16:18:32 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
    SRV:64bit: - [2011-03-15 16:18:22 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
    SRV:64bit: - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009-07-13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009-07-13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012-06-29 19:12:16 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-06-20 14:09:52 | 000,519,848 | R--- | M] (iRacing.com Motorsport Simulations, LLC
    Bedford, MA 01730) [Auto | Running] -- C:\Program Files (x86)\iRacing\iRacingService.exe -- (iRacingService)
    SRV - [2012-05-15 07:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012-04-17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2012-04-01 23:20:56 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012-03-30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
    SRV - [2012-01-03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011-11-01 09:11:12 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2011-02-01 19:55:24 | 001,112,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009-06-10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012-06-05 07:29:26 | 000,117,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012-05-14 23:29:12 | 000,029,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV:64bit: - [2012-04-17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
    DRV:64bit: - [2012-03-01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011-11-18 16:23:24 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV:64bit: - [2011-11-18 16:23:24 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
    DRV:64bit: - [2011-11-01 09:11:14 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
    DRV:64bit: - [2011-11-01 09:11:10 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
    DRV:64bit: - [2011-11-01 09:11:09 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2011-11-01 08:56:18 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2011-09-22 22:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
    DRV:64bit: - [2011-09-21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2011-09-02 03:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2011-09-02 03:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011-09-02 03:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011-05-10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011-03-11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010-11-22 16:22:38 | 000,023,040 | ---- | M] (Sagatek Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MO3v2Driver.sys -- (SSMO3v2Filter)
    DRV:64bit: - [2010-11-20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-08-11 09:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
    DRV:64bit: - [2010-04-27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
    DRV:64bit: - [2010-04-27 17:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
    DRV:64bit: - [2010-04-27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
    DRV:64bit: - [2010-04-27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
    DRV:64bit: - [2010-04-27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
    DRV:64bit: - [2009-07-13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-06-10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2006-11-06 05:38:58 | 000,047,104 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009-07-13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253
    IE - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 07 72 1A 7B 7D CC 01 [binary data]
    IE - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...9a928fc107f&lang=en&ds=AVG&pr=fr&d=2012-05-12 12:57:37&v=11.0.0.9&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\..\SearchScopes\{ABEF7BC5-2A1A-4160-A39F-E40386CDC052}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\..\SearchScopes\{BC41400E-BCA8-42D1-AD2E-2551D49A401D}: "URL" = http://torrentz.eu/search?f={searchTerms}
    IE - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\..\SearchScopes\{E5928DC7-B5BE-4D41-B31D-862ED6CA5694}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Terry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Terry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


    [2012-05-04 08:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\extensions
    [2012-05-04 08:24:32 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Terry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - Extension: YouTube = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012-07-04 17:08:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
    O4 - HKLM..\Run: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKU\S-1-5-21-2069959320-3649819413-638127054-1001..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
    O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2069959320-3649819413-638127054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18D02FB6-66F4-483E-9159-9211CE621D15}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6A7243B-8078-4148-A1D5-A48F822E490F}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\WB: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010-11-21 05:33:27 | 000,000,122 | R--- | M] () - N:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (PDBoot.exe)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (st)
    O34 - HKLM BootExecute: (ᑡኞҰ)
    O34 - HKLM BootExecute: (M)
    O34 - HKLM BootExecute: (Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\CommunityGroup)
    O34 - HKLM BootExecute: (ksᙱኞҰ)
    O34 - HKLM BootExecute: (M)
    O34 - HKLM BootExecute: (Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\CommunityGroup)
    O34 - HKLM BootExecute: (oup)
    O34 - HKLM BootExecute: (11CE-BFC1-08002BE10318}\0007\Ndi\pᥣฟྯ袰ኞ)
    O34 - HKLM BootExecute: (Chಀኣks)
    O34 - HKLM BootExecute: (Ұ)
    O34 - HKLM BootExecute: (b)
    O34 - HKLM BootExecute: ({0.0.0.00000000}.{d7a703bf-3986-4423-af0d-c0361ca7bcf4}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2})
    O34 - HKLM BootExecute: (llatiᦑኞҰ)
    O34 - HKLM BootExecute: (b)
    O34 - HKLM BootExecute: ({0.0.0.00000000}.{3f962164-128a-4ff9-9d5a-c27916c261c1}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2})
    O34 - HKLM BootExecute: (ContrᩱኞҰ)
    O34 - HKLM BootExecute: (b)
    O34 - HKLM BootExecute: ({0.0.0.00000000}.{3f962164-128a-4ff9-9d5a-c27916c261c1}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2})
    O34 - HKLM BootExecute: (oft.V᭑ኞҰ)
    O34 - HKLM BootExecute: (b)
    O34 - HKLM BootExecute: ({0.0.0.00000000}.{9b86b7ad-2748-47e8-a5de-c15242bc1ffa}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2})
    O34 - HKLM BootExecute: (s\MSVᰱኞҰ)
    O34 - HKLM BootExecute: (b)
    O34 - HKLM BootExecute: ({0.0.0.00000000}.{9b86b7ad-2748-47e8-a5de-c15242bc1ffa}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2})
    O34 - HKLM BootExecute: (e\ClaᴑኞҰ)
    O34 - HKLM BootExecute: (b)
    O34 - HKLM BootExecute: ({0.0.0.00000000}.{a2701142-c741-4c58-8afa-605113b1e214}|#%b{A9EF3FD9-4240-455E-A4D5-F2B3301887B2})
    O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\Terry\AppData\Roaming\iolo\)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-07-04 17:08:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012-07-04 16:58:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012-07-04 16:58:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012-07-04 16:58:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012-07-04 16:58:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-07-04 16:58:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012-07-04 16:57:55 | 004,571,247 | R--- | C] (Swearware) -- C:\Users\Terry\Desktop\ComboFix.exe
    [2012-07-04 04:52:29 | 000,000,000 | ---D | C] -- C:\FRST
    [2012-07-02 20:12:59 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\Temp
    [2012-06-30 23:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012-06-30 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012-06-30 22:47:34 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{774629D3-6A3A-4C4E-8D1B-8B122E2D57CE}
    [2012-06-30 22:47:22 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{B3D7BE25-3E4D-4078-9912-6E3CB803BE84}
    [2012-06-29 19:15:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012-06-29 11:11:23 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{C33E6D85-481A-4F89-A854-C46C94037CF5}
    [2012-06-29 11:11:12 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{6EFFB769-92C9-4B4E-8DA7-457E2D32EBBA}
    [2012-06-28 22:49:03 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{45122428-7B84-4F2E-89E4-BB30DACD0492}
    [2012-06-28 22:48:53 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{ED30F8BB-605C-48D2-BF1A-DF27568742EE}
    [2012-06-26 16:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012-06-26 16:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2012-06-25 19:08:00 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{B0AAA51F-BD9D-46E5-890F-78173ADF8145}
    [2012-06-25 19:07:50 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{45F795ED-DA92-4B9A-AFD7-B0C179D80C5E}
    [2012-06-23 12:23:53 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{1E2E311D-F0AB-45F6-8E68-8E7801C67BD5}
    [2012-06-23 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{BF3BE502-F00A-4BAF-965C-12C6AEA4DC8F}
    [2012-06-21 23:12:30 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{D04FC8E9-D119-4785-9D43-6FF48014BABF}
    [2012-06-21 11:12:04 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{942D43A2-07A5-45B7-B363-286B4D3A4663}
    [2012-06-21 11:11:54 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{7D799D8F-B88E-44DF-9954-E7DD9DF02BFC}
    [2012-06-20 11:38:28 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{A76E65F2-C3B0-4023-AA5C-DD3606AD526A}
    [2012-06-20 11:38:18 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{2B771B38-7954-4382-B4E2-4C6500560177}
    [2012-06-20 11:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpeed
    [2012-06-20 10:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GearSound
    [2012-06-18 21:45:45 | 000,000,000 | ---D | C] -- C:\Users\Terry\Documents\Office 2010
    [2012-06-18 20:46:30 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{E02661B5-53F4-4EF5-B1A1-119F994CD483}
    [2012-06-14 23:46:59 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{FFAE15D8-B6B3-489F-B06E-BCC12CCFD64E}
    [2012-06-12 21:19:19 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{1C00728F-87C0-46E3-9C6F-787F7BD99EA4}
    [2012-06-12 21:19:08 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{5088EB43-F787-4C19-9F7F-A13B76F911BF}
    [2012-06-11 17:40:14 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{47708FEC-68D2-4BCA-ABC7-18D88FF24FF7}
    [2012-06-11 17:40:03 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{E8861517-5030-43B5-91E4-0693645BD47F}
    [2012-06-10 23:03:19 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{3E55C930-6F44-4067-AAB1-8A32017AEAD8}
    [2012-06-10 23:03:09 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{3DDF850F-DF5A-48D4-B08C-F3A9F0833CE5}
    [2012-06-07 22:38:45 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{805BE2A2-3323-4ABC-B719-23A5D55523FB}
    [2012-06-07 22:38:34 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{A5E96585-3C46-4124-996F-982FC396E50E}
    [2012-06-06 21:53:58 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{E7CE6FE7-DBD2-4D9B-9EB0-EB1B1BB41165}
    [2012-06-06 21:53:48 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{399445E1-7756-42F1-94EE-C21E1A0F1E62}
    [2012-06-05 00:13:00 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{302CB654-AE4F-43E0-B161-40F15DF42026}
    [2012-06-05 00:12:49 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{D1266BCD-CA2A-43E0-BA4E-492FF43233D3}
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-07-04 21:00:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-07-04 21:00:10 | 529,903,615 | -HS- | M] () -- C:\hiberfil.sys
    [2012-07-04 20:45:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-07-04 20:35:07 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-07-04 20:35:07 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-07-04 17:08:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012-07-04 17:08:18 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012-07-04 16:58:32 | 000,872,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012-07-04 16:58:32 | 000,726,240 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012-07-04 16:58:32 | 000,146,258 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012-07-04 16:49:02 | 004,571,247 | R--- | M] (Swearware) -- C:\Users\Terry\Desktop\ComboFix.exe
    [2012-07-01 08:16:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2069959320-3649819413-638127054-1001UA.job
    [2012-07-01 08:06:35 | 000,001,272 | ---- | M] () -- C:\Users\Terry\Desktop\shutdown.lnk
    [2012-06-30 23:01:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012-06-29 17:16:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2069959320-3649819413-638127054-1001Core.job
    [2012-06-29 10:16:08 | 000,000,127 | ---- | M] () -- C:\Users\Terry\Documents\default.html
    [2012-06-28 00:10:22 | 000,001,624 | ---- | M] () -- C:\Users\Terry\Desktop\Widescreen Desktops - Shortcut.lnk
    [2012-06-25 14:57:00 | 004,968,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012-06-24 23:17:19 | 000,075,014 | ---- | M] () -- C:\Users\Terry\Documents\fIBRE-oPconnections.gif
    [2012-06-20 10:57:00 | 000,001,093 | ---- | M] () -- C:\Users\Terry\Desktop\GearSound.lnk
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-07-04 16:58:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012-07-04 16:58:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012-07-04 16:58:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012-07-04 16:58:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012-07-04 16:58:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012-07-01 08:06:20 | 000,001,272 | ---- | C] () -- C:\Users\Terry\Desktop\shutdown.lnk
    [2012-06-30 23:00:57 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials Prerelease.lnk
    [2012-06-28 00:10:22 | 000,001,624 | ---- | C] () -- C:\Users\Terry\Desktop\Widescreen Desktops - Shortcut.lnk
    [2012-06-24 23:17:33 | 000,075,014 | ---- | C] () -- C:\Users\Terry\Documents\fIBRE-oPconnections.gif
    [2012-06-20 13:49:36 | 000,000,127 | ---- | C] () -- C:\Users\Terry\Documents\default.html
    [2012-06-20 10:55:51 | 000,001,093 | ---- | C] () -- C:\Users\Terry\Desktop\GearSound.lnk
    [2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012-05-14 23:15:24 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2012-05-12 18:23:09 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
    [2012-03-28 00:27:34 | 000,000,415 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\All CPU Meter_Settings.ini
    [2011-12-25 18:35:21 | 000,083,605 | ---- | C] () -- C:\Windows\War3Unin.dat
    [2011-10-22 22:40:33 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011-10-15 19:16:34 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011-10-05 18:05:04 | 000,003,584 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011-09-28 00:32:55 | 000,028,674 | ---- | C] () -- C:\Windows\SysWow64\cpnoged.dll
    [2011-09-27 22:39:17 | 000,889,500 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== LOP Check ==========

    [2011-11-01 09:23:02 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Acronis
    [2012-02-28 13:29:29 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Broderbund
    [2011-11-01 09:11:13 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\C0D6AA19-88CD-42C9-833C-198B5FBBFE4D
    [2011-09-28 18:16:54 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012-06-29 16:15:18 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\DisplayFusion
    [2012-06-20 10:59:01 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Downloaded Installations
    [2012-07-04 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Dropbox
    [2012-06-29 10:16:29 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\FileZilla
    [2012-03-15 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\iolo
    [2011-11-18 16:19:51 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Leadertech
    [2011-12-21 01:20:58 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Need for Speed World
    [2012-04-19 00:24:25 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\RIFT
    [2012-03-15 22:38:59 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\runic games
    [2011-12-29 15:43:49 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\SteelSeries
    [2011-12-06 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\TS3Client
    [2011-10-11 21:33:50 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\ts3overlay
    [2012-06-24 09:24:36 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\uTorrent
    [2011-09-30 16:15:44 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Windows Live Writer
    [2012-07-04 17:07:36 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  9. Terry Ramsey (Topic Starter)

    OTL Extras logfile created on: 2012-07-04 8:41:42 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Terry\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    5.99 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 68.14% Memory free
    11.98 Gb Paging File | 9.79 Gb Available in Paging File | 81.74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 750.00 Gb Total Space | 312.22 Gb Free Space | 41.63% Space Free | Partition Type: NTFS
    Drive D: | 1112.92 Gb Total Space | 514.42 Gb Free Space | 46.22% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 320.50 Gb Free Space | 34.41% Space Free | Partition Type: NTFS
    Drive F: | 1397.26 Gb Total Space | 69.62 Gb Free Space | 4.98% Space Free | Partition Type: NTFS
    Drive G: | 596.17 Gb Total Space | 424.41 Gb Free Space | 71.19% Space Free | Partition Type: NTFS
    Drive H: | 596.17 Gb Total Space | 575.20 Gb Free Space | 96.48% Space Free | Partition Type: NTFS
    Drive I: | 499.34 Mb Total Space | 493.51 Mb Free Space | 98.83% Space Free | Partition Type: FAT
    Drive N: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ZOMBIE | User Name: Terry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8F710A99-E578-4744-8F82-5F0AB4C8871B}" = Microsoft Security Client
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "EVGA E-LEET TUNING UTILITY_is1" = EVGA E-LEET TUNING UTILITY 1.09.9
    "Logitech Gaming Software" = Logitech Gaming Software 8.30
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Security Client" = Microsoft Security Essentials Prerelease
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "WinRAR archiver" = WinRAR 4.11 (64-bit)
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3544DED1-07DB-40C0-98F3-435A6DA195C7}" = Google SketchUp 8
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C5176C5-FB75-44FA-A5CE-C515BD6A1EBE}" = iSpeed 3.3.0.0
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
    "{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
    "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B832F6BF-B53E-4A51-BD95-A1D5D956207C}" = World of Warcraft(R): Cataclysm(TM) MMO Gaming Mouse
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}" = iRacing.com Race Simulation
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DC0C5A78-6DBF-3444-0120-0FE8F0134FCD}" = Adobe Download Assistant
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 4.0.1
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "Diablo II" = Diablo II
    "Diablo III" = Diablo III
    "EasyBCD" = EasyBCD 2.1.2
    "FileZilla Client" = FileZilla Client 3.5.3
    "GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
    "LinX" = LinX
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mavis Beacon Platinum - 25th Anniversary Edition" = Mavis Beacon Platinum - 25th Anniversary Edition (remove only)
    "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PowerISO" = PowerISO
    "Runic Games Torchlight" = Torchlight
    "StarCraft II" = StarCraft II
    "Steam App 105600" = Terraria
    "Steam App 10680" = Aliens vs. Predator
    "Steam App 202480" = Creation Kit
    "Steam App 220" = Half-Life 2
    "Steam App 300" = Day of Defeat: Source
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 3590" = Plants vs. Zombies: Game of the Year
    "Steam App 400" = Portal
    "Steam App 440" = Team Fortress 2
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.1
    "Warcraft III" = Warcraft III
    "WinLiveSuite" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft
    "World of Warcraft Beta" = World of Warcraft Beta

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2069959320-3649819413-638127054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "c5c968b829b4973b" = Curse Client - Test
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Warcraft III" = Warcraft III: All Products

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2012-05-23 9:29:57 PM | Computer Name = Zombie | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 2012-05-23 9:29:57 PM | Computer Name = Zombie | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 2012-05-23 9:32:59 PM | Computer Name = Zombie | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 2012-05-23 9:32:59 PM | Computer Name = Zombie | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 2012-05-23 9:32:59 PM | Computer Name = Zombie | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 2012-05-23 9:32:59 PM | Computer Name = Zombie | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 2012-05-23 9:33:00 PM | Computer Name = Zombie | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 2012-05-23 9:33:00 PM | Computer Name = Zombie | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 2012-05-23 9:33:00 PM | Computer Name = Zombie | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 2012-05-23 9:33:00 PM | Computer Name = Zombie | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ Media Center Events ]
    Error - 2012-06-25 1:55:25 PM | Computer Name = Zombie | Source = Microsoft-Windows-Media Center Extender | ID = 301
    Description =

    Error - 2012-06-25 1:56:35 PM | Computer Name = Zombie | Source = Microsoft-Windows-Media Center Extender | ID = 104
    Description =

    Error - 2012-06-25 1:59:48 PM | Computer Name = Zombie | Source = Microsoft-Windows-Media Center Extender | ID = 700
    Description =

    Error - 2012-06-30 9:41:20 PM | Computer Name = Zombie | Source = MCUpdate | ID = 0
    Description = 10:41:20 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)

    Error - 2012-07-04 4:02:09 PM | Computer Name = Zombie | Source = MCUpdate | ID = 0
    Description = 5:02:09 PM - Error connecting to the internet. 5:02:09 PM - Unable
    to contact server..

    Error - 2012-07-04 4:02:41 PM | Computer Name = Zombie | Source = MCUpdate | ID = 0
    Description = 5:02:19 PM - Error connecting to the internet. 5:02:19 PM - Unable
    to contact server..

    Error - 2012-07-04 7:32:09 PM | Computer Name = Zombie | Source = MCUpdate | ID = 0
    Description = 8:32:09 PM - Failed to retrieve MCESpotlight-2.cab (Error: BITS 0x80070424)

    Error - 2012-07-04 7:32:10 PM | Computer Name = Zombie | Source = MCUpdate | ID = 0
    Description = 8:32:10 PM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)
    8:32:10
    PM - Failed to retrieve Logos-2.cab (Error: BITS 0x80070424) 8:32:10 PM - Failed
    to retrieve SMTiles-2.cab (Error: BITS 0x80070424) 8:32:10 PM - Failed to retrieve
    UpdateableMarkup-2.cab (Error: BITS 0x80070424)

    Error - 2012-07-04 7:32:10 PM | Computer Name = Zombie | Source = MCUpdate | ID = 0
    Description = 8:32:10 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)

    Error - 2012-07-04 7:32:11 PM | Computer Name = Zombie | Source = MCUpdate | ID = 0
    Description = 8:32:11 PM - Failed to retrieve ScheduleSupplement-2.cab (Error: BITS
    0x80070424) 8:32:11 PM - Failed to retrieve SportsTemplate-2.cab (Error: BITS 0x80070424)
    8:32:11
    PM - Failed to retrieve SportsTemplateCore-2.cab (Error: BITS 0x80070424)

    [ System Events ]
    Error - 2012-03-16 10:31:50 PM | Computer Name = Zombie | Source = DCOM | ID = 10016
    Description =

    Error - 2012-03-16 11:31:50 PM | Computer Name = Zombie | Source = DCOM | ID = 10016
    Description =

    Error - 2012-03-17 10:29:58 AM | Computer Name = Zombie | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
    Description = Performance power management features on processor 0 in group 0 are
    disabled due to a firmware problem. Check with the computer manufacturer for updated
    firmware.

    Error - 2012-03-17 10:29:58 AM | Computer Name = Zombie | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
    Description = Performance power management features on processor 2 in group 0 are
    disabled due to a firmware problem. Check with the computer manufacturer for updated
    firmware.

    Error - 2012-03-17 10:29:58 AM | Computer Name = Zombie | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
    Description = Performance power management features on processor 1 in group 0 are
    disabled due to a firmware problem. Check with the computer manufacturer for updated
    firmware.

    Error - 2012-03-17 10:29:58 AM | Computer Name = Zombie | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
    Description = Performance power management features on processor 3 in group 0 are
    disabled due to a firmware problem. Check with the computer manufacturer for updated
    firmware.

    Error - 2012-03-17 10:30:21 AM | Computer Name = Zombie | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SCDEmu

    Error - 2012-03-17 10:33:23 AM | Computer Name = Zombie | Source = DCOM | ID = 10016
    Description =

    Error - 2012-03-17 10:34:22 AM | Computer Name = Zombie | Source = DCOM | ID = 10016
    Description =

    Error - 2012-03-17 10:36:22 AM | Computer Name = Zombie | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  10. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    OTL logs are clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  11. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    iolo technologies' System Mechanic
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    iolo Common Lib ioloServiceManager.exe
    ``````````End of Log````````````
     
  12. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    Farbar Service Scanner Version: 02-07-2012
    Ran by Terry (administrator) on 05-07-2012 at 09:24:43
    Running from "C:\Users\Terry\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
     
  13. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    Eset Scan in progress, will post when complete.
     
  14. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    Still scanning...
     
  15. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    ESET result:
    C:\Users\Terry\Documents\Installers\Nero-8.3.6.0_eng_update.exe	Win32/Toolbar.AskSBar application	deleted - quarantined
    G:\Archive\Dragon\Installers\Nero-8.3.6.0_eng_update.exe	Win32/Toolbar.AskSBar application	deleted - quarantined
    G:\Users-Copy\Terry\Documents\Installers\Nero-8.3.6.0_eng_update.exe	Win32/Toolbar.AskSBar application	deleted - quarantined
     
  16. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =======================================

    Uninstall iolo technologies' System Mechanic.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =======================================================

    FSS shows some registry key issue affecting Windows updates.

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.
    Double click on bits.reg file and confirm the prompt.
    Restart computer.
    Post new FSS log.
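    As an added example, not from this thread and not part of FSS or any other tool named in it, the following PowerShell re-checks what the FSS log above reports for BITS, wuauserv, wscsvc and WinDefend (start type, ImagePath, ServiceDll, running state) plus the Windows Defender DisableAntiSpyware value, so the same items can be verified after the bits.reg import. The expected start types, the svchost-hosting assumption and the Group Policy key location are my assumptions, not taken from the log.

    ```powershell
    # Added example (not from the thread, not FSS code). Reports only; it changes nothing.
    # Run from an elevated PowerShell prompt. Expected values are assumed Windows 7 defaults.

    $startTypeNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

    # Service name -> expected Start value and the DLL svchost should load for it (assumed defaults).
    $expected = @{
        'BITS'      = @{ Start = 2; ServiceDll = 'qmgr.dll' }
        'wuauserv'  = @{ Start = 2; ServiceDll = 'wuaueng.dll' }
        'wscsvc'    = @{ Start = 2; ServiceDll = 'wscsvc.dll' }
        'WinDefend' = @{ Start = 2; ServiceDll = 'MpSvc.dll' }
    }

    function Test-ServiceConfig {
        param([string]$Name, [hashtable]$Expect)

        $findings = New-Object System.Collections.Generic.List[string]
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"

        if (-not (Test-Path $key)) {
            $findings.Add("service key $key does not exist")
            return $findings
        }

        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        # Start type. A missing value is what the FSS log in this thread reported for BITS
        # ("Unable to retrieve start type of BITS. The value does not exist.").
        if ($null -eq $props.Start) {
            $findings.Add('Start value does not exist')
        } elseif ([int]$props.Start -ne $Expect.Start) {
            $have = $startTypeNames[[int]$props.Start]
            $want = $startTypeNames[[int]$Expect.Start]
            $findings.Add("start type is $have, default is $want")
        }

        # ImagePath: all four services are assumed to be hosted by svchost.exe.
        if ($null -eq $props.ImagePath) {
            $findings.Add('ImagePath value does not exist')
        } elseif ($props.ImagePath -notmatch 'svchost\.exe') {
            $findings.Add("unexpected ImagePath: $($props.ImagePath)")
        }

        # ServiceDll lives under the Parameters subkey; compare the file name only,
        # because the directory differs per service (WinDefend is under Program Files).
        $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
        if ($null -eq $params -or $null -eq $params.ServiceDll) {
            $findings.Add('ServiceDll value does not exist')
        } else {
            $dll = [System.IO.Path]::GetFileName($params.ServiceDll)
            if ($dll -ine $Expect.ServiceDll) {
                $findings.Add("unexpected ServiceDll: $($params.ServiceDll)")
            } elseif (-not (Test-Path $params.ServiceDll)) {
                $findings.Add("ServiceDll file is missing on disk: $($params.ServiceDll)")
            }
        }

        # Running state as seen by the Service Control Manager.
        $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            $findings.Add('service is not known to the Service Control Manager')
        } elseif ($svc.Status -ne 'Running') {
            $findings.Add("service is $($svc.Status)")
        }

        return $findings
    }

    function Test-DefenderDisabledPolicy {
        # The FSS log in this thread showed DisableAntiSpyware=1 under the first key;
        # the second is the Group Policy location for the same setting.
        $keys = @(
            'HKLM:\SOFTWARE\Microsoft\Windows Defender',
            'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
        )
        foreach ($k in $keys) {
            $v = Get-ItemProperty -Path $k -Name DisableAntiSpyware -ErrorAction SilentlyContinue
            if ($null -ne $v -and $v.DisableAntiSpyware -ne 0) {
                "$k : DisableAntiSpyware = $($v.DisableAntiSpyware)"
            }
        }
    }

    foreach ($name in $expected.Keys) {
        # Wrap in @() so a single finding is still an array, not a bare string.
        $result = @(Test-ServiceConfig -Name $name -Expect $expected[$name])
        if ($result.Count -eq 0) {
            Write-Output "${name}: OK"
        } else {
            foreach ($f in $result) { Write-Output "${name}: ATTENTION -> $f" }
        }
    }

    $policy = @(Test-DefenderDisabledPolicy)
    if ($policy.Count -eq 0) {
        Write-Output 'Windows Defender disabled policy: none'
    } else {
        $policy | ForEach-Object { Write-Output "Windows Defender disabled policy: $_" }
    }
    ```

    A service that reports OK here but is still not running points at a dependency or a damaged system file rather than the registry, which is why the thread moves on to a disk check and SFC when FSS keeps flagging wscsvc and wuauserv.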
     
  17. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    Farbar Service Scanner Version: 02-07-2012
    Ran by Terry (administrator) on 05-07-2012 at 22:58:25
    Running from "C:\Users\Terry\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  18. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Some services are still not running.

    Download Windows Repair (all in one) from this site

    Install the program then run

    Go to step 2 and allow it to run Disc check




    Once that is done then go to step 3 and allow it to run SFC



    On the Start Repairs tab click the Start button.



    Please ensure that items seen in the image below are ticked as indicated:


    Click on box next to the Restart System when Finished. Then click on Start

    Post new FSS log.
     
  19. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    Farbar Service Scanner Version: 02-07-2012
    Ran by Terry (administrator) on 06-07-2012 at 09:02:48
    Running from "C:\Users\Terry\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
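The two findings worth a second look in the Farbar Service Scanner output above are the WinDefend start type (Demand instead of the default Auto) and the DisableAntiSpyware=1 value. On a Windows 7 machine running Microsoft Security Essentials that is the expected state, because the MSE installer turns Windows Defender off, which is why it did not need remediation here. The following PowerShell is an added example, not part of the thread and not what FSS does internally: it re-reads the same two settings and records SHA256 hashes of the same files FSS checked, so they can later be compared with a trusted copy of the same Windows build. The Group Policy key path is an addition (the log shows only the non-policy key); it is read-only and changes nothing.

```powershell
# Added example (not from the thread or from the FSS tool): read-only audit of the
# Windows Defender findings in the FSS log, plus a SHA256 baseline of the files it
# checked. Uses Get-WmiObject and .NET hashing so it also runs on the Windows 7 /
# PowerShell 2.0 combination the thread is about. Run from 64-bit, elevated PowerShell.

function Get-DefenderState {
    # Service start mode and state, as the FSS "Windows Defender" section reports them.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
    if ($null -eq $svc) { return [pscustomobject]@{ Present = $false } }

    # The value FSS printed (DWORD:1 = Defender turned off). The second key is the
    # Group Policy location; it is not in the log and is added here as the other
    # place this value is commonly set.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    )
    $disabledBy = foreach ($k in $policyKeys) {
        $p = Get-ItemProperty -Path $k -Name DisableAntiSpyware -ErrorAction SilentlyContinue
        if ($null -ne $p -and $p.DisableAntiSpyware -ne 0) { $k }
    }

    [pscustomobject]@{
        Present            = $true
        StartMode          = $svc.StartMode    # FSS expected 'Auto', found 'Demand'
        State              = $svc.State        # FSS reported "not running"
        ImagePath          = $svc.PathName     # FSS reported the ImagePath as OK
        DisabledByPolicyAt = @($disabledBy)    # keys where DisableAntiSpyware != 0
    }
}

function Get-ServiceFileBaseline {
    # Same file list FSS hashed above. FSS compares MD5 against its own known-good
    # table; this records SHA256 so you can diff against a known-clean machine.
    param([string[]]$Paths = @(
        "$env:SystemRoot\System32\nsisvc.dll",
        "$env:SystemRoot\System32\drivers\nsiproxy.sys",
        "$env:SystemRoot\System32\dhcpcore.dll",
        "$env:SystemRoot\System32\drivers\afd.sys",
        "$env:SystemRoot\System32\drivers\tdx.sys",
        "$env:SystemRoot\System32\drivers\tcpip.sys",
        "$env:SystemRoot\System32\dnsrslvr.dll",
        "$env:SystemRoot\System32\mpssvc.dll",
        "$env:SystemRoot\System32\bfe.dll",
        "$env:SystemRoot\System32\drivers\mpsdrv.sys",
        "$env:SystemRoot\System32\SDRSVC.dll",
        "$env:SystemRoot\System32\vssvc.exe",
        "$env:SystemRoot\System32\wscsvc.dll",
        "$env:SystemRoot\System32\wbem\WMIsvc.dll",
        "$env:SystemRoot\System32\wuaueng.dll",
        "$env:SystemRoot\System32\qmgr.dll",
        "$env:SystemRoot\System32\es.dll",
        "$env:SystemRoot\System32\cryptsvc.dll",
        "$env:ProgramFiles\Windows Defender\MpSvc.dll",
        "$env:SystemRoot\System32\svchost.exe",
        "$env:SystemRoot\System32\rpcss.dll"
    ))

    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Sha256 = $null; Note = 'missing' }
            continue
        }
        $sha    = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($path)
        try {
            $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
        } finally {
            $stream.Dispose()
            $sha.Dispose()
        }
        [pscustomobject]@{ Path = $path; Sha256 = $hash; Note = '' }
    }
}

# Usage: show the Defender state and write the hash baseline next to the other logs.
Get-DefenderState | Format-List
Get-ServiceFileBaseline | Export-Csv -NoTypeInformation -Path "$env:TEMP\service-file-baseline.csv"
```

Run it from a 64-bit PowerShell window; a 32-bit one would be redirected to SysWOW64 and hash the 32-bit copies of these files, which is not what FSS checked.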
     
  20. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good :)

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
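Step 1 above does the restore-point reset through OTL's [CLEARALLRESTOREPOINTS] command. The following PowerShell is an added example, not part of the thread and not what OTL does internally: it performs the same reset (drop every old restore point, which may preserve the infection, then create one clean point) with only tools built into Windows 7, for anyone who wants to do it without a third-party helper. The restore point description is a made-up label.

```powershell
# Added example (not from the thread, not OTL's own logic): reset System Restore
# with built-in tools. Deleting all shadow copies also discards "Previous Versions"
# file history on every volume, so confirm that is acceptable first.

# Everything below needs an elevated prompt; fail early rather than half-way.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

# 1. Show what exists now, so there is a record of the points being removed.
Write-Host 'Existing restore points:'
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime | Format-Table -AutoSize

# 2. Remove every existing restore point (shadow copy) on the machine.
vssadmin delete shadows /all /quiet
if ($LASTEXITCODE -ne 0) { throw "vssadmin failed with exit code $LASTEXITCODE" }

# 3. Create one fresh restore point on the system drive.
Checkpoint-Computer -Description 'Post-cleanup baseline (example label)' -RestorePointType 'MODIFY_SETTINGS'

# 4. Confirm that only the new point remains.
Write-Host 'Restore points after reset:'
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime | Format-Table -AutoSize
```

System Protection must be enabled for the system drive for Checkpoint-Computer to succeed; if it is off, the command reports an error and no point is created.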
     
  21. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1-ZOMBIE
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Terry
    ->Temp folder emptied: 177656 bytes
    ->Temporary Internet Files folder emptied: 8605776 bytes
    ->Java cache emptied: 2027 bytes
    ->Google Chrome cache emptied: 179993084 bytes
    ->Flash cache emptied: 866 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 114946 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 180.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mcx1-ZOMBIE
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Terry
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Mcx1-ZOMBIE

    User: Public

    User: Terry
    ->Java cache emptied: 0 bytes

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07062012_215434

    Files\Folders moved on Reboot...
    C:\Users\Terry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Terry\AppData\Local\Temp\FXSTIFFDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Terry\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\Terry\AppData\Local\Temp\FXSTIFFDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  22. Terry Ramsey

    Terry Ramsey TS Member Topic Starter

    K, all steps completed as instructed. Will continue maintenance as directed. Will keep an eye on my system for any strangeness. It currently seems well-behaved.

    I can't express enough thanks for your time and commitment to getting my system fixed. Thanks Broni! Thanks TechSpot for providing the forum!
     
  23. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Yes!!
    Good luck and stay safe :)
     
