Virus infecting svchost

Solved
By Cal_74
Feb 2, 2013
  1. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    ComboFix 13-02-02.05 - Calimero 03/02/2013 4:31.1.8 - x64 NETWORK
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.6068.5052 [GMT 1:00]
    Lancé depuis: c:\users\Calimero\Desktop\ComboFix.exe
    AV: BitDefender Antivirus *Enabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
    FW: BitDefender Firewall *Enabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
    SP: BitDefender Antispyware *Enabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
    c:\programdata\FullRemove.exe
    c:\programdata\Roaming
    c:\users\Calimero\AppData\Local\assembly\tmp
    c:\users\Calimero\AppData\Local\uninst.tmp
    c:\windows\msxml4-KB2758694-enu.LOG
    c:\windows\SysWow64\tmp3C98.tmp
    c:\windows\SysWow64\tmp3CE7.tmp
    c:\windows\SysWow64\tmp539B.tmp
    c:\windows\SysWow64\tmp53AC.tmp
    c:\windows\SysWow64\tmpAF42.tmp
    c:\windows\SysWow64\tmpAF43.tmp
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2013-01-03 au 2013-02-03 ))))))))))))))))))))))))))))))))))))
    .
    .
    2013-02-03 00:02 . 2013-02-03 00:02 -------- d-----w- c:\program files (x86)\ESET
    2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\users\Calimero\AppData\Roaming\Malwarebytes
    2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-02 23:22 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-02-02 22:12 . 2013-02-02 23:32 -------- d-----w- c:\users\Calimero\AppData\Roaming\Puaquh
    2013-02-02 22:12 . 2013-02-02 22:14 -------- d-----w- c:\users\Calimero\AppData\Roaming\Odtoy
    2013-02-02 22:12 . 2013-02-02 22:13 -------- d-----w- c:\users\Calimero\AppData\Roaming\tor
    2013-02-01 21:06 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Local\GameMaker8.1
    2013-02-01 21:06 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Local\YoYo_Games_Ltd
    2013-02-01 21:05 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Roaming\GameMaker
    2013-02-01 20:02 . 2013-02-01 20:02 -------- d-----w- c:\users\Calimero\AppData\Local\PreEmptive Solutions
    2013-02-01 17:51 . 2013-02-01 17:51 -------- d-----w- c:\users\Calimero\AppData\Local\CrashDumps
    2013-01-28 18:44 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-26 21:08 . 2013-01-27 11:59 -------- d-----w- c:\users\Calimero\AppData\Roaming\Elephant Games
    2013-01-26 21:08 . 2013-01-27 11:59 -------- d-----w- c:\programdata\Elephant Games
    2013-01-24 20:59 . 2012-10-17 03:31 741480 ------w- c:\windows\system32\HPDiscoPMa211.dll
    2013-01-24 20:59 . 2013-01-24 20:59 -------- d-----w- c:\program files\HP
    2013-01-13 20:49 . 2013-01-13 20:49 -------- d-----w- c:\users\Calimero\AppData\Roaming\digipen
    2013-01-13 20:49 . 2013-01-13 20:49 -------- d-----w- c:\users\Calimero\AppData\Local\digipen
    2013-01-13 14:13 . 2013-01-13 14:13 -------- d-----w- c:\users\Calimero\AppData\Local\DigitalVolcano
    2013-01-13 13:42 . 2013-01-13 13:42 -------- d-----w- c:\program files (x86)\Duplicate Cleaner
    2013-01-12 13:40 . 2013-01-12 13:40 -------- d-----w- c:\users\Calimero\AppData\Local\Zoner
    2013-01-12 13:40 . 2013-01-12 13:40 -------- d-----w- c:\users\Calimero\AppData\Roaming\Zoner
    2013-01-12 13:37 . 2013-01-12 13:37 -------- d-----w- c:\programdata\Zoner
    2013-01-12 13:37 . 2013-01-12 13:37 -------- d-----w- c:\program files\Zoner
    2013-01-10 21:03 . 2013-01-19 17:12 -------- d-----w- c:\program files (x86)\Alawar
    2013-01-09 05:47 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 05:45 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-09 05:45 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-07 21:20 . 2013-01-07 21:20 -------- d-----w- c:\users\Calimero\AppData\Roaming\SolEol
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-03 00:04 . 2011-01-15 14:54 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2013-01-10 19:21 . 2012-04-24 15:50 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-10 19:21 . 2011-06-14 20:00 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 06:02 . 2011-01-15 21:47 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-12-19 21:08 . 2012-09-02 11:11 859072 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-12-19 21:08 . 2011-10-25 19:57 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-12-16 17:11 . 2012-12-21 22:17 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 22:17 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:17 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:17 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-01 14:21 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-12-01 14:21 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-12-01 12:24 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-12-01 12:22 . 2012-12-01 12:22 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-11-30 04:45 . 2013-01-09 05:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-14 07:06 . 2012-12-13 05:27 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-13 05:27 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-13 05:27 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-13 05:27 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-13 05:27 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-13 05:27 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-13 05:27 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-13 05:27 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-13 05:27 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-13 05:27 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-13 05:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-13 05:27 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-13 05:27 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-13 05:27 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-13 05:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-13 05:27 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-13 05:27 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-13 05:27 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-13 05:27 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-13 05:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-13 05:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-13 05:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-13 01:12 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-13 01:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2012-12-04 773728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
    "Z1"="c:\users\Calimero\Desktop\mbar-1.01.0.1017\mbar\mbar.exe" [2013-01-18 1358408]
    .
    c:\users\Calimero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Alertes de surveillance de l'encre - HP Deskjet 3070 B611 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
    .
    R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2011-12-02 89680]
    R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
    R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-01-19 103944]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2009-03-09 73392]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    R2 MSMQSVC;Message Queuing Service;c:\windows\system32\mqsv32.exe [x]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    R2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-03-28 3288400]
    R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
    R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224]
    R3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-01-29 163936]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-04 79360]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-31 1038088]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
    R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2011-06-18 53312]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-07-26 318056]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-15 1255736]
    S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-06 55440]
    S0 oodrvled;oodrvled;c:\windows\system32\DRIVERS\oodrvled.sys [2011-03-02 30800]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2011-12-02 88144]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-09-24 229376]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-09-24 69120]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "BitDefender Antiphishing Helper 32"="c:\program files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [2009-10-19 71152]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 76296]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2012-11-02 1704568]
    "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-03-28 3998032]
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.be/
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Calimero\AppData\Roaming\Mozilla\Firefox\Profiles\7bcnnfzp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
    Toolbar-Locked - (no file)
    HKLM-Run-ASUS WebStorage - c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    AddRemove-Ootake_is1 - d:\games\Emuls\Ootake\unins000.exe
    AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
    AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-3955869695-4156559446-3699184568-1002\Software\SecuROM\License information*]
    "datasecu"=hex:0e,06,4d,74,33,13,96,83,da,f1,50,1c,dc,33,d6,92,8b,42,52,69,94,
    e4,8e,77,6c,e9,70,9b,f8,a7,04,59,7e,01,68,07,f9,39,b0,d9,b7,79,e8,23,39,b7,\
    "rkeysecu"=hex:12,40,19,d4,7b,f1,83,63,b1,ec,fb,fe,15,5c,10,cb
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Heure de fin: 2013-02-03 04:51:38
    ComboFix-quarantined-files.txt 2013-02-03 03:51
    .
    Avant-CF: 48.643.473.408 octets libres
    Après-CF: 51.274.227.712 octets libres
    .
    - - End Of File - - 09C573BC64F4B19BB0F9B3A994560A1B
  2. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    Mistake on my side, I saw during the process that I forgot to close IE :confused: . Do I need to relaunch ComboFix?
  3. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    No. You're fine.

    See if you can start in normal mode now.

    If not....

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  4. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    I saw the desktop / task bar after the normal reboot but it remained stuck there. I'll proceed with the Farbar Recovery scan now.
  5. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2013 02
    Ran by SYSTEM at 03-02-2013 05:37:05
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [x]
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2085160 2010-03-04] (Synaptics Incorporated)
    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
    HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
    HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [BitDefender Antiphishing Helper 32] "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [71152 2009-10-19] (BitDefender S.R.L.)
    HKLM\...\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe" [76296 2009-10-19] (BitDefender S.R.L.)
    HKLM\...\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe" [1704568 2012-11-02] (BitDefender S.R.L.)
    HKLM\...\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe [3998032 2012-03-28] (O&O Software GmbH)
    HKLM-x32\...\Run: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S [102400 2010-03-01] (ecm)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
    HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
    HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-13] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1103184 2010-12-16] (Trend Micro Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
    HKU\Calimero\...\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [773728 2012-12-04] (ZONER software)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [512360 2012-12-14] (Malwarebytes Corporation)
    HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\Calimero\Desktop\mbar-1.01.0.1017\mbar\mbar.exe" /cleanup /s [1358408 2013-01-18] (Malwarebytes Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    ==================== Services (Whitelisted) ===================
    3 Arrakis3; "C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe" [278224 2009-10-19] (BitDefender S.R.L. http://www.bitdefender.com)
    2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
    2 fsproflt; C:\Windows\SysWOW64\fsproflt.exe [73392 2009-03-09] (FSPro Labs)
    2 LIVESRV; "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service [409672 2011-12-02] (BitDefender S.R.L.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    2 OODefragAgent; "C:\Program Files\OO Software\Defrag\oodag.exe" [3288400 2012-03-28] (O&O Software GmbH)
    4 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-01] ()
    2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [439632 2010-12-16] (Trend Micro Inc.)
    3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [393728 2010-03-12] (S.C. BitDefender S.R.L)
    2 VSSERV; "C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe" /service [2299656 2010-03-24] (BitDefender S.R.L.)
    2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
    3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
    2 MSMQSVC; C:\Windows\system32\mqsv32.exe [x]
    3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
    ==================== Drivers (Whitelisted) =====================
    3 BDFM; C:\Windows\System32\Drivers\BDFM.sys [163936 2010-01-29] (BitDefender S.R.L. Bucharest, ROMANIA)
    1 BdfNdisf; C:\Windows\System32\DRIVERS\BdfNdisf6.sys [88144 2011-12-02] (BitDefender LLC)
    0 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [347336 2010-02-22] (BitDefender)
    1 bdfwfpf; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [89680 2011-12-02] (BitDefender LLC)
    2 BDVEDISK; C:\Windows\System32\Drivers\BDVEDISK.sys [103944 2010-01-19] (BitDefender)
    3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [69120 2010-09-24] (Fresco Logic)
    0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [55440 2008-06-06] (FSPro Labs)
    3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
    2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
    0 oodrvled; C:\Windows\System32\Drivers\oodrvled.sys [30800 2011-03-02] (O&O Software GmbH)
    3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1800192 2009-08-19] ()
    2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
    3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [x]
    3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [x]
    3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [x]
    3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [x]
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]
    3 MBfilt; C:\Windows\System32\drivers\MBfilt64.sys [x]
    3 tmlwf; [x]
    3 tmwfp; [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2013-02-02 19:51 - 2013-02-02 19:51 - 00025522 ____A C:\ComboFix.txt
    2013-02-02 19:29 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-02-02 19:29 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-02-02 19:29 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-02-02 19:29 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-02-02 19:29 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-02-02 19:29 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2013-02-02 19:29 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2013-02-02 19:29 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2013-02-02 19:19 - 2013-02-02 19:51 - 00000000 ____D C:\Qoobox
    2013-02-02 19:18 - 2013-02-02 19:49 - 00000000 ____D C:\Windows\erdnt
    2013-02-02 19:14 - 2013-02-02 19:14 - 05029149 ____R (Swearware) C:\Users\Calimero\Desktop\ComboFix.exe
    2013-02-02 18:40 - 2013-02-02 18:40 - 00000000 ____D C:\Users\Calimero\Desktop\mbar-1.01.0.1017
    2013-02-02 18:38 - 2013-02-02 18:39 - 13562257 ____A C:\Users\Calimero\Desktop\mbar-1.01.0.1017.zip
    2013-02-02 18:37 - 2013-02-02 18:37 - 00002354 ____A C:\Users\Calimero\Desktop\RKreport[2]_D_03022013_033708.txt
    2013-02-02 18:36 - 2013-02-02 18:36 - 00002575 ____A C:\Users\Calimero\Desktop\RKreport[1]_S_03022013_033629.txt
    2013-02-02 18:35 - 2013-02-02 18:49 - 00000000 ____D C:\Users\Calimero\Desktop\RK_Quarantine
    2013-02-02 18:35 - 2013-02-02 18:35 - 00771072 ____A C:\Users\Calimero\Desktop\RogueKiller.exe
    2013-02-02 16:02 - 2013-02-02 16:02 - 00000000 ____D C:\Program Files (x86)\ESET
    2013-02-02 15:43 - 2013-02-02 15:43 - 00019630 ____A C:\Users\Calimero\Desktop\dds.txt
    2013-02-02 15:43 - 2013-02-02 15:43 - 00017891 ____A C:\Users\Calimero\Desktop\attach.txt
    2013-02-02 15:25 - 2013-02-02 15:42 - 00688992 ____R (Swearware) C:\Users\Calimero\Downloads\dds.com
    2013-02-02 15:22 - 2013-02-02 15:22 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Malwarebytes
    2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-02 15:22 - 2012-12-14 07:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-02-02 15:20 - 2013-02-02 15:21 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Calimero\Downloads\mbam-setup-1.70.0.1100.exe
    2013-02-02 14:12 - 2013-02-02 15:32 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Puaquh
    2013-02-02 14:12 - 2013-02-02 14:14 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Odtoy
    2013-02-02 14:12 - 2013-02-02 14:13 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\tor
    2013-02-01 13:06 - 2013-02-01 13:06 - 00000000 ____D C:\Users\Calimero\AppData\Local\YoYo_Games_Ltd
    2013-02-01 13:06 - 2013-02-01 13:06 - 00000000 ____D C:\Users\Calimero\AppData\Local\GameMaker8.1
    2013-02-01 13:05 - 2013-02-01 13:06 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\GameMaker
    2013-02-01 12:02 - 2013-02-01 12:02 - 00000000 ____D C:\Users\Calimero\AppData\Local\PreEmptive Solutions
    2013-02-01 09:51 - 2013-02-01 09:51 - 00000000 ____D C:\Users\Calimero\AppData\Local\CrashDumps
    2013-01-28 12:25 - 2013-01-28 12:25 - 00000980 ____A C:\Users\Calimero\Desktop\HPPSdr.exe - Raccourci.lnk
    2013-01-28 10:44 - 2013-01-11 18:30 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-01-28 10:44 - 2013-01-11 18:26 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-01-28 10:44 - 2013-01-11 18:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-01-28 10:43 - 2013-01-28 10:44 - 00004092 ____A C:\Windows\SysWOW64\jupdate-1.7.0_11-b21.log
    2013-01-27 05:19 - 2013-01-27 05:19 - 00000913 ____A C:\Users\Calimero\Desktop\Surface_MysteryOfAnotherWorldCE.exe.exe - Raccourci.lnk
    2013-01-26 13:08 - 2013-01-27 03:59 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Elephant Games
    2013-01-26 13:08 - 2013-01-27 03:59 - 00000000 ____D C:\Users\All Users\Elephant Games
    2013-01-24 12:59 - 2013-01-24 12:59 - 00000000 ____D C:\Program Files\HP
    2013-01-24 12:59 - 2012-10-16 19:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\System32\HPDiscoPMa211.dll
    2013-01-13 12:49 - 2013-01-13 12:49 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\digipen
    2013-01-13 12:49 - 2013-01-13 12:49 - 00000000 ____D C:\Users\Calimero\AppData\Local\digipen
    2013-01-13 06:13 - 2013-01-13 06:13 - 00000000 ____D C:\Users\Calimero\AppData\Local\DigitalVolcano
    2013-01-13 05:42 - 2013-01-13 05:42 - 00000000 ____D C:\Program Files (x86)\Duplicate Cleaner
    2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\Documents\ZPS15
    2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Zoner
    2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\AppData\Local\Zoner
    2013-01-12 05:37 - 2013-01-12 05:37 - 00000000 ____D C:\Users\All Users\Zoner
    2013-01-12 05:37 - 2013-01-12 05:37 - 00000000 ____D C:\Program Files\Zoner
    2013-01-10 13:03 - 2013-01-19 09:12 - 00000000 ____D C:\Program Files (x86)\Alawar
    2013-01-08 21:49 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
    2013-01-08 21:49 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
    2013-01-08 21:49 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2013-01-08 21:49 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
    2013-01-08 21:49 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
    2013-01-08 21:49 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
    2013-01-08 21:49 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
    2013-01-08 21:49 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
    2013-01-08 21:49 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
    2013-01-08 21:49 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
    2013-01-08 21:49 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
    2013-01-08 21:49 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
    2013-01-08 21:49 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
    2013-01-08 21:49 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
    2013-01-08 21:49 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
    2013-01-08 21:49 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
    2013-01-08 21:49 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
    2013-01-08 21:49 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
    2013-01-08 21:49 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
    2013-01-08 21:49 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
    2013-01-08 21:49 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2013-01-08 21:49 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-01-08 21:49 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2013-01-08 21:49 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-01-08 21:49 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-01-08 21:49 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-01-08 21:49 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2013-01-08 21:49 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2013-01-08 21:49 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2013-01-08 21:47 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2013-01-08 21:47 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-01-08 21:47 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-01-08 21:47 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2013-01-08 21:47 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-01-08 21:47 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2013-01-08 21:47 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-01-08 21:47 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-01-08 21:47 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-01-08 21:47 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-01-08 21:47 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-01-08 21:47 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-01-08 21:47 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-01-08 21:47 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-01-08 21:47 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
    2013-01-08 21:47 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
    2013-01-08 21:45 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-01-08 21:45 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
    2013-01-07 13:20 - 2013-01-07 13:21 - 00000649 ____A C:\Users\Calimero\AppData\Roaming\SolEol.cfg
    2013-01-07 13:20 - 2013-01-07 13:20 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\SolEol
    2013-01-06 06:35 - 2013-01-06 06:35 - 00000883 ____A C:\Users\Calimero\Desktop\_Photos - Raccourci.lnk

    ==================== One Month Modified Files and Folders =======
    2013-02-03 05:36 - 2013-02-03 05:36 - 00000000 ____D C:\FRST
    2013-02-02 20:29 - 2009-08-04 02:03 - 00745268 ____A C:\Windows\System32\perfh00C.dat
    2013-02-02 20:29 - 2009-08-04 02:03 - 00148786 ____A C:\Windows\System32\perfc00C.dat
    2013-02-02 20:29 - 2009-07-13 21:13 - 01662566 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-02-02 20:25 - 2012-04-23 04:29 - 00613848 ____A C:\Windows\System32\oodbs.lor
    2013-02-02 20:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-02-02 20:24 - 2009-07-13 20:51 - 00100714 ____A C:\Windows\setupact.log
    2013-02-02 20:19 - 2010-11-04 00:39 - 00116824 ____A C:\Windows\PFRO.log
    2013-02-02 19:51 - 2013-02-02 19:51 - 00025522 ____A C:\ComboFix.txt
    2013-02-02 19:51 - 2013-02-02 19:19 - 00000000 ____D C:\Qoobox
    2013-02-02 19:49 - 2013-02-02 19:18 - 00000000 ____D C:\Windows\erdnt
    2013-02-02 19:48 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2013-02-02 19:14 - 2013-02-02 19:14 - 05029149 ____R (Swearware) C:\Users\Calimero\Desktop\ComboFix.exe
    2013-02-02 18:49 - 2013-02-02 18:35 - 00000000 ____D C:\Users\Calimero\Desktop\RK_Quarantine
    2013-02-02 18:40 - 2013-02-02 18:40 - 00000000 ____D C:\Users\Calimero\Desktop\mbar-1.01.0.1017
    2013-02-02 18:39 - 2013-02-02 18:38 - 13562257 ____A C:\Users\Calimero\Desktop\mbar-1.01.0.1017.zip
    2013-02-02 18:37 - 2013-02-02 18:37 - 00002354 ____A C:\Users\Calimero\Desktop\RKreport[2]_D_03022013_033708.txt
    2013-02-02 18:36 - 2013-02-02 18:36 - 00002575 ____A C:\Users\Calimero\Desktop\RKreport[1]_S_03022013_033629.txt
    2013-02-02 18:35 - 2013-02-02 18:35 - 00771072 ____A C:\Users\Calimero\Desktop\RogueKiller.exe
    2013-02-02 16:04 - 2011-01-15 06:54 - 00045056 ____A C:\Windows\System32\acovcnt.exe
    2013-02-02 16:02 - 2013-02-02 16:02 - 00000000 ____D C:\Program Files (x86)\ESET
    2013-02-02 15:43 - 2013-02-02 15:43 - 00019630 ____A C:\Users\Calimero\Desktop\dds.txt
    2013-02-02 15:43 - 2013-02-02 15:43 - 00017891 ____A C:\Users\Calimero\Desktop\attach.txt
    2013-02-02 15:42 - 2013-02-02 15:25 - 00688992 ____R (Swearware) C:\Users\Calimero\Downloads\dds.com
    2013-02-02 15:34 - 2011-01-16 03:57 - 00000376 ____A C:\Users\Calimero\AppData\Roamingprivacy.xml
    2013-02-02 15:34 - 2010-11-04 00:51 - 00001617 ____A C:\Windows\System32\ServiceFilter.ini
    2013-02-02 15:33 - 2010-11-04 00:20 - 01160987 ____A C:\Windows\WindowsUpdate.log
    2013-02-02 15:32 - 2013-02-02 14:12 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Puaquh
    2013-02-02 15:22 - 2013-02-02 15:22 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Malwarebytes
    2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-02-02 15:22 - 2013-02-02 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-02 15:21 - 2013-02-02 15:20 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Calimero\Downloads\mbam-setup-1.70.0.1100.exe
    2013-02-02 14:14 - 2013-02-02 14:12 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Odtoy
    2013-02-02 14:13 - 2013-02-02 14:12 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\tor
    2013-02-02 13:29 - 2012-03-02 13:23 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\vlc
    2013-02-02 01:27 - 2011-01-22 04:50 - 00000000 ____D C:\Users\Calimero\AppData\Local\QuickPar
    2013-02-01 13:06 - 2013-02-01 13:06 - 00000000 ____D C:\Users\Calimero\AppData\Local\YoYo_Games_Ltd
    2013-02-01 13:06 - 2013-02-01 13:06 - 00000000 ____D C:\Users\Calimero\AppData\Local\GameMaker8.1
    2013-02-01 13:06 - 2013-02-01 13:05 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\GameMaker
    2013-02-01 13:03 - 2011-01-23 02:33 - 00000000 ____D C:\Users\Calimero\Desktop\Games
    2013-02-01 12:22 - 2011-01-15 15:11 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\NewsLeecher
    2013-02-01 12:19 - 2011-01-15 15:10 - 00000000 ____D C:\Program Files (x86)\NewsLeecher
    2013-02-01 12:02 - 2013-02-01 12:02 - 00000000 ____D C:\Users\Calimero\AppData\Local\PreEmptive Solutions
    2013-02-01 12:02 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-02-01 12:02 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-02-01 09:51 - 2013-02-01 09:51 - 00000000 ____D C:\Users\Calimero\AppData\Local\CrashDumps
    2013-02-01 09:51 - 2011-01-16 03:57 - 00000052 ____A C:\Windows\System32\ashttpstats.csv
    2013-01-28 12:25 - 2013-01-28 12:25 - 00000980 ____A C:\Users\Calimero\Desktop\HPPSdr.exe - Raccourci.lnk
    2013-01-28 10:44 - 2013-01-28 10:43 - 00004092 ____A C:\Windows\SysWOW64\jupdate-1.7.0_11-b21.log
    2013-01-28 10:44 - 2012-09-02 03:10 - 00000000 ____D C:\Program Files (x86)\Java
    2013-01-27 05:19 - 2013-01-27 05:19 - 00000913 ____A C:\Users\Calimero\Desktop\Surface_MysteryOfAnotherWorldCE.exe.exe - Raccourci.lnk
    2013-01-27 03:59 - 2013-01-26 13:08 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Elephant Games
    2013-01-27 03:59 - 2013-01-26 13:08 - 00000000 ____D C:\Users\All Users\Elephant Games
    2013-01-25 12:56 - 2011-10-22 14:27 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Doublefine
    2013-01-24 12:59 - 2013-01-24 12:59 - 00000000 ____D C:\Program Files\HP
    2013-01-24 12:59 - 2012-05-18 08:20 - 00000000 ____D C:\Users\All Users\HP
    2013-01-24 12:59 - 2012-05-18 08:20 - 00000000 ____D C:\Program Files (x86)\HP
    2013-01-22 09:01 - 2011-01-31 11:27 - 00000000 ____D C:\Users\Calimero\AppData\Local\Windows Live
    2013-01-19 09:12 - 2013-01-10 13:03 - 00000000 ____D C:\Program Files (x86)\Alawar
    2013-01-13 12:49 - 2013-01-13 12:49 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\digipen
    2013-01-13 12:49 - 2013-01-13 12:49 - 00000000 ____D C:\Users\Calimero\AppData\Local\digipen
    2013-01-13 11:48 - 2011-07-26 12:49 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Azureus
    2013-01-13 11:48 - 2011-01-15 06:57 - 00415308 ____A C:\Windows\DirectX.log
    2013-01-13 06:13 - 2013-01-13 06:13 - 00000000 ____D C:\Users\Calimero\AppData\Local\DigitalVolcano
    2013-01-13 06:13 - 2011-12-20 12:48 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\foobar2000
    2013-01-13 05:55 - 2011-07-26 12:49 - 00000000 ____D C:\Program Files (x86)\Vuze
    2013-01-13 05:42 - 2013-01-13 05:42 - 00000000 ____D C:\Program Files (x86)\Duplicate Cleaner
    2013-01-13 01:47 - 2010-11-04 00:51 - 00002362 ____A C:\Windows\System32\AutoRunFilter.ini
    2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\Documents\ZPS15
    2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\Zoner
    2013-01-12 05:40 - 2013-01-12 05:40 - 00000000 ____D C:\Users\Calimero\AppData\Local\Zoner
    2013-01-12 05:37 - 2013-01-12 05:37 - 00000000 ____D C:\Users\All Users\Zoner
    2013-01-12 05:37 - 2013-01-12 05:37 - 00000000 ____D C:\Program Files\Zoner
    2013-01-11 18:30 - 2013-01-28 10:44 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-01-11 18:26 - 2013-01-28 10:44 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-01-11 18:24 - 2013-01-28 10:44 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-01-11 09:55 - 2011-11-08 09:50 - 00000000 ____D C:\divx
    2013-01-10 15:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-01-10 13:12 - 2011-12-28 10:59 - 00000000 ____D C:\Users\All Users\Fugazo
    2013-01-10 11:21 - 2012-04-24 07:50 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-01-10 11:21 - 2011-06-14 12:00 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-01-10 05:20 - 2009-07-13 20:45 - 03001144 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-01-08 22:12 - 2011-10-25 12:11 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2013-01-08 22:12 - 2011-01-28 10:14 - 01644828 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-01-08 22:02 - 2011-01-15 13:47 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-01-08 00:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-01-07 13:21 - 2013-01-07 13:20 - 00000649 ____A C:\Users\Calimero\AppData\Roaming\SolEol.cfg
    2013-01-07 13:20 - 2013-01-07 13:20 - 00000000 ____D C:\Users\Calimero\AppData\Roaming\SolEol
    2013-01-06 06:35 - 2013-01-06 06:35 - 00000883 ____A C:\Users\Calimero\Desktop\_Photos - Raccourci.lnk
    2013-01-05 16:06 - 2012-07-22 08:08 - 00000000 ____D C:\Users\Calimero\Documents\SavedGames
    2013-01-05 14:21 - 2011-01-16 09:47 - 00000000 ____D C:\Users\Calimero\Documents\My Games

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================

    ==================== Memory info ===========================
    Percentage of memory in use: 11%
    Total physical RAM: 6068.36 MB
    Available physical RAM: 5366.33 MB
    Total Pagefile: 6066.51 MB
    Available Pagefile: 5350.89 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB
    ==================== Partitions =============================
    1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:47.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (DATA) (Fixed) (Total:327.83 GB) (Free:86.39 GB) NTFS
    4 Drive f: (USB DISK) (Removable) (Total:7.21 GB) (Free:3.6 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 1024 KB
    Disk 1 Online 7389 MB 0 B
    Partitions of Disk 0:
    ===============
    Disk ID: E0C5913D
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 21 GB 31 KB
    Partition 2 Primary 116 GB 21 GB
    Partition 0 Extended 327 GB 137 GB
    Partition 3 Logical 327 GB 137 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 1C
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OS NTFS Partition 116 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D DATA NTFS Partition 327 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Disk ID: C3072E18
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7385 MB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F USB DISK FAT32 Removable 7385 MB Healthy
    =========================================================
    Last Boot: 2013-01-23 15:53
    ==================== End Of Log =============================
  6. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can start normally.

  7. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-02-2013 02
    Ran by SYSTEM at 2013-02-03 07:02:24 Run:1
    Running from F:\
    ==============================================
    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.
    ==== End of Fixlog ====
  8. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    Restarted in normal mode and it worked fine.

    Do I have to do anything more (additional check, ...)?
  9. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Good news :)

    Bed time here but if you have some time I want you to re-run MBAM, RogueKiller, MBAR and Combofix, in that sequence.
  10. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    MBAM log:

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.02.03.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Calimero :: ASUS_CAL [administrator]
    Protection: Disabled
    3/02/2013 07:21:12
    mbam-log-2013-02-03 (07-21-12).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 266141
    Time elapsed: 5 minute(s), 15 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  11. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    RogueKiller logs (before and after a delete). I did it via an uploaded file since the browser (IE) is stuck when I do a copy/paste.

  12. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    MBAR log:

    Malwarebytes Anti-Rootkit BETA 1.01.0.1017
    www.malwarebytes.org
    Database version: v2013.02.03.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Calimero :: ASUS_CAL [administrator]
    3/02/2013 07:51:41
    mbar-log-2013-02-03 (07-51-41).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 31920
    Time elapsed: 9 minute(s), 52 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  13. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    Combofix log:

    ComboFix 13-02-02.05 - Calimero 03/02/2013 7:57.1.8 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.6068.4149 [GMT 1:00]
    Lancé depuis: c:\users\Calimero\Desktop\ComboFix.exe
    AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
    FW: BitDefender Firewall *Disabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
    SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2013-01-03 au 2013-02-03 ))))))))))))))))))))))))))))))))))))
    .
    .
    2013-02-03 13:36 . 2013-02-03 13:36 -------- d-----w- C:\FRST
    2013-02-03 07:07 . 2013-02-03 07:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-02-03 07:07 . 2013-02-03 07:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-03 07:07 . 2013-02-03 07:07 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
    2013-02-03 00:02 . 2013-02-03 00:02 -------- d-----w- c:\program files (x86)\ESET
    2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\users\Calimero\AppData\Roaming\Malwarebytes
    2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-02 23:22 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-02 23:22 . 2013-02-02 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-02-02 22:12 . 2013-02-02 23:32 -------- d-----w- c:\users\Calimero\AppData\Roaming\Puaquh
    2013-02-02 22:12 . 2013-02-02 22:14 -------- d-----w- c:\users\Calimero\AppData\Roaming\Odtoy
    2013-02-02 22:12 . 2013-02-02 22:13 -------- d-----w- c:\users\Calimero\AppData\Roaming\tor
    2013-02-01 21:06 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Local\GameMaker8.1
    2013-02-01 21:06 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Local\YoYo_Games_Ltd
    2013-02-01 21:05 . 2013-02-01 21:06 -------- d-----w- c:\users\Calimero\AppData\Roaming\GameMaker
    2013-02-01 20:02 . 2013-02-01 20:02 -------- d-----w- c:\users\Calimero\AppData\Local\PreEmptive Solutions
    2013-02-01 17:51 . 2013-02-01 17:51 -------- d-----w- c:\users\Calimero\AppData\Local\CrashDumps
    2013-01-28 18:44 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-26 21:08 . 2013-01-27 11:59 -------- d-----w- c:\users\Calimero\AppData\Roaming\Elephant Games
    2013-01-26 21:08 . 2013-01-27 11:59 -------- d-----w- c:\programdata\Elephant Games
    2013-01-24 20:59 . 2012-10-17 03:31 741480 ------w- c:\windows\system32\HPDiscoPMa211.dll
    2013-01-24 20:59 . 2013-01-24 20:59 -------- d-----w- c:\program files\HP
    2013-01-13 20:49 . 2013-01-13 20:49 -------- d-----w- c:\users\Calimero\AppData\Roaming\digipen
    2013-01-13 20:49 . 2013-01-13 20:49 -------- d-----w- c:\users\Calimero\AppData\Local\digipen
    2013-01-13 14:13 . 2013-01-13 14:13 -------- d-----w- c:\users\Calimero\AppData\Local\DigitalVolcano
    2013-01-13 13:42 . 2013-01-13 13:42 -------- d-----w- c:\program files (x86)\Duplicate Cleaner
    2013-01-12 13:40 . 2013-01-12 13:40 -------- d-----w- c:\users\Calimero\AppData\Local\Zoner
    2013-01-12 13:40 . 2013-01-12 13:40 -------- d-----w- c:\users\Calimero\AppData\Roaming\Zoner
    2013-01-12 13:37 . 2013-01-12 13:37 -------- d-----w- c:\programdata\Zoner
    2013-01-12 13:37 . 2013-01-12 13:37 -------- d-----w- c:\program files\Zoner
    2013-01-10 21:03 . 2013-01-19 17:12 -------- d-----w- c:\program files (x86)\Alawar
    2013-01-09 05:47 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 05:45 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-09 05:45 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-07 21:20 . 2013-01-07 21:20 -------- d-----w- c:\users\Calimero\AppData\Roaming\SolEol
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-03 06:31 . 2011-01-15 14:54 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2013-01-10 19:21 . 2012-04-24 15:50 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-10 19:21 . 2011-06-14 20:00 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 06:02 . 2011-01-15 21:47 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-12-19 21:08 . 2012-09-02 11:11 859072 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-12-19 21:08 . 2011-10-25 19:57 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-12-16 17:11 . 2012-12-21 22:17 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 22:17 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:17 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:17 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-01 14:21 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-12-01 14:21 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-12-01 12:24 . 2012-12-01 12:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-12-01 12:22 . 2012-12-01 12:22 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-11-30 04:45 . 2013-01-09 05:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-14 07:06 . 2012-12-13 05:27 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-13 05:27 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-13 05:27 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-13 05:27 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-13 05:27 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-13 05:27 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-13 05:27 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-13 05:27 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-13 05:27 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-13 05:27 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-13 05:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-13 05:27 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-13 05:27 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-13 05:27 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-13 05:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-13 05:27 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-13 05:27 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-13 05:27 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-13 05:27 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-13 05:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-13 05:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-13 05:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-13 01:12 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-13 01:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2012-12-04 773728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Z1"="c:\users\Calimero\Desktop\mbar-1.01.0.1017\mbar\mbar.exe" [2013-01-18 1358408]
    .
    c:\users\Calimero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Alertes de surveillance de l'encre - HP Deskjet 3070 B611 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MSMQSVC;Message Queuing Service;c:\windows\system32\mqsv32.exe [x]
    R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-04 79360]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-31 1038088]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
    R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
    R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2011-06-18 53312]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-15 1255736]
    S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-06 55440]
    S0 oodrvled;oodrvled;c:\windows\system32\DRIVERS\oodrvled.sys [2011-03-02 30800]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2011-12-02 88144]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2011-12-02 89680]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
    S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-01-19 103944]
    S2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2009-03-09 73392]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-03-28 3288400]
    S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-01-29 163936]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-09-24 229376]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-09-24 69120]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-07-26 318056]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [BU]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
    "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "BitDefender Antiphishing Helper 32"="c:\program files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [2009-10-19 71152]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 76296]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2012-11-02 1704568]
    "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-03-28 3998032]
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.be/
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Calimero\AppData\Roaming\Mozilla\Firefox\Profiles\7bcnnfzp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    AddRemove-A Walk In The Dark (c) Flying Turtle Software_is1 - d:\games\A Walk In The Dark\unins000.exe
    AddRemove-Dishonored (c) Bethesda Softworks_is1 - d:\games\Dishonored\unins000.exe
    AddRemove-GOGPACKSCREAMER2_is1 - d:\games\GOG.com\Screamer 2\unins000.exe
    AddRemove-HackerEvolutionDuality - d:\games\HackerEvolution\uninstall.exe
    AddRemove-Ootake_is1 - d:\games\Emuls\Ootake\unins000.exe
    AddRemove-Rollercoaster Rush_is1 - d:\games\Reflexive\Rollercoaster Rush\ReflexiveArcade\unins000.exe
    AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
    AddRemove-Zumas Revenge! - Adventure_is1 - d:\games\Reflexive\Zumas Revenge! - Adventure\ReflexiveArcade\unins000.exe
    AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-3955869695-4156559446-3699184568-1002\Software\SecuROM\License information*]
    "datasecu"=hex:0e,06,4d,74,33,13,96,83,da,f1,50,1c,dc,33,d6,92,8b,42,52,69,94,
    e4,8e,77,6c,e9,70,9b,f8,a7,04,59,7e,01,68,07,f9,39,b0,d9,b7,79,e8,23,39,b7,\
    "rkeysecu"=hex:12,40,19,d4,7b,f1,83,63,b1,ec,fb,fe,15,5c,10,cb
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Heure de fin: 2013-02-03 08:11:00
    ComboFix-quarantined-files.txt 2013-02-03 07:10
    ComboFix2.txt 2013-02-03 03:51
    .
    Avant-CF: 50.307.764.224 octets libres
    Après-CF: 50.131.181.568 octets libres
    .
    - - End Of File - - FE5BE41B27617ABDAAAE7DB475E40165
  14. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    All looks good.

    How is the computer doing?

    ==========================

    Reset Internet Explorer.
    Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
    Make sure you follow ALL steps listed there.

    ===========================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    ==========================

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    ==========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    Hi,

    All looks good. I'll run all the programs you specified in your last post to be sure, but I'm quite relieved. You have been my good angel :).

    The question is now: what do you prefer? A donation via Paypal or true Belgian chocolate when my godfather is passing by here before going back to the US where he'll be able to post it to you?
  16. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Hahaha...I'll leave it up to you :)
  17. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    AdwCleaner log:

    # AdwCleaner v2.109 - Rapport créé le 03/02/2013 à 19:59:44
    # Mis à jour le 26/01/2013 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : Calimero - ASUS_CAL
    # Mode de démarrage : Normal
    # Exécuté depuis : D:\Usenet\_Firefox\adwcleaner.exe
    # Option [Suppression]


    ***** [Services] *****


    ***** [Fichiers / Dossiers] *****

    Dossier Supprimé : C:\ProgramData\Partner
    Dossier Supprimé : C:\ProgramData\Trymedia

    ***** [Registre] *****

    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

    ***** [Navigateurs] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Le registre ne contient aucune entrée illégitime.

    -\\ Mozilla Firefox v18.0.1 (en-US)

    Fichier : C:\Users\Calimero\AppData\Roaming\Mozilla\Firefox\Profiles\7bcnnfzp.default\prefs.js

    C:\Users\Calimero\AppData\Roaming\Mozilla\Firefox\Profiles\7bcnnfzp.default\user.js ... Supprimé !

    [OK] Le fichier ne contient aucune entrée illégitime.

    *************************

    AdwCleaner[R1].txt - [1265 octets] - [03/02/2013 19:57:56]
    AdwCleaner[S1].txt - [1305 octets] - [03/02/2013 19:59:44]

    ########## EOF - C:\AdwCleaner[S1].txt - [1365 octets] ##########
  18. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Did you reset IE?
  19. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    Yes. Here is JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.2 (02.02.2013:2)
    OS: Windows 7 Home Premium x64
    Ran by Calimero on dim. 03/02/2013 at 20:04:58,32
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Calimero\AppData\Roaming\mozilla\firefox\profiles\7bcnnfzp.default\minidumps [66 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on dim. 03/02/2013 at 20:15:48,21
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  20. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Is IE better now?
  21. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    IE is fine. Here are the last logs (for OTL).

    Attached Files:

  22. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Please observe forum rules.
    All logs have to be pasted, not attached.
  23. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    Ooops. Sorry for that. Here are the pasted logs.

    OTL.txt (part1):

    OTL logfile created on: 03/02/2013 20:18:12 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Calimero\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040c | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

    5,93 Gb Total Physical Memory | 4,01 Gb Available Physical Memory | 67,62% Memory free
    11,85 Gb Paging File | 9,59 Gb Available in Paging File | 80,97% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 116,44 Gb Total Space | 47,11 Gb Free Space | 40,46% Space Free | Partition Type: NTFS
    Drive D: | 327,83 Gb Total Space | 86,39 Gb Free Space | 26,35% Space Free | Partition Type: NTFS
    Drive H: | 7,21 Gb Total Space | 7,19 Gb Free Space | 99,72% Space Free | Partition Type: FAT32

    Computer Name: ASUS_CAL | User Name: Calimero | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/03 19:50:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Calimero\Desktop\OTL.exe
    PRC - [2012/12/04 17:20:52 | 000,773,728 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
    PRC - [2012/12/01 13:22:20 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/12/17 08:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
    PRC - [2010/12/17 08:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
    PRC - [2010/11/04 09:51:41 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
    PRC - [2010/10/07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2010/10/07 09:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2010/09/23 16:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2010/08/17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009/10/01 03:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/10/01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/07/31 10:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2009/03/09 10:46:46 | 000,073,392 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe
    PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2007/11/30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/09/23 16:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    MOD - [2007/11/30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/03/28 17:04:02 | 003,288,400 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
    SRV:64bit: - [2011/12/02 22:14:18 | 000,409,672 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
    SRV:64bit: - [2011/01/31 22:31:46 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2010/06/22 19:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2010/04/17 00:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2010/03/24 12:43:38 | 002,299,656 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
    SRV:64bit: - [2010/03/12 16:42:40 | 000,393,728 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
    SRV:64bit: - [2009/10/19 20:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2013/01/16 21:10:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/12/01 13:22:20 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/01/31 22:30:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/12/17 08:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
    SRV - [2010/11/04 09:52:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2009/10/01 03:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/10/01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/09 10:46:46 | 000,073,392 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/02 22:14:28 | 000,088,144 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BdfNdisf6.sys -- (BdfNdisf)
    DRV:64bit: - [2011/12/02 22:14:21 | 000,089,680 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
    DRV:64bit: - [2011/06/18 23:58:43 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/02 15:48:56 | 000,030,800 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\OODrvled.sys -- (oodrvled)
    DRV:64bit: - [2010/11/20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2010/11/20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010/11/20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/24 19:24:26 | 000,229,376 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV:64bit: - [2010/09/24 19:24:26 | 000,069,120 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2010/07/26 04:27:33 | 000,318,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2010/04/21 08:47:49 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/04/17 00:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/03/05 04:19:45 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/03/03 12:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/02 09:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/02/22 14:57:54 | 000,347,336 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV:64bit: - [2010/01/29 14:47:04 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
    DRV:64bit: - [2010/01/19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
    DRV:64bit: - [2009/12/17 23:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009/12/14 09:03:49 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2009/10/20 19:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2009/09/17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/08/20 03:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV:64bit: - [2009/08/09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009/07/20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/13 17:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
    DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2008/06/06 14:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
    DRV:64bit: - [2008/05/23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3955869695-4156559446-3699184568-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    IE - HKU\S-1-5-21-3955869695-4156559446-3699184568-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-3955869695-4156559446-3699184568-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKU\S-1-5-21-3955869695-4156559446-3699184568-1002\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3955869695-4156559446-3699184568-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3955869695-4156559446-3699184568-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Calimero\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2012/05/28 14:15:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/03 08:13:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 21:41:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2011/12/02 22:16:46 | 000,000,000 | ---D | M]

    [2011/01/15 23:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calimero\AppData\Roaming\mozilla\Extensions
    [2012/12/09 17:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calimero\AppData\Roaming\mozilla\Firefox\Profiles\7bcnnfzp.default\extensions
    [2012/12/09 17:50:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Calimero\AppData\Roaming\mozilla\Firefox\Profiles\7bcnnfzp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/02/03 08:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/02 12:11:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/11/03 16:26:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/01/16 21:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/01/16 21:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/01/16 21:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2013/02/03 04:48:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe File not found
    O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
    O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
    O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe (ecm)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
    O4 - HKU\S-1-5-21-3955869695-4156559446-3699184568-1002..\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE (ZONER software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3955869695-4156559446-3699184568-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3955869695-4156559446-3699184568-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O7 - HKU\S-1-5-21-3955869695-4156559446-3699184568-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3955869695-4156559446-3699184568-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.10.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ACCF41E-0369-4C73-8D8E-989C8CFF5C66}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (OODBS)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/03 20:04:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/02/03 20:04:36 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/03 20:04:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Calimero\Desktop\OTL.exe
    [2013/02/03 20:04:07 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Calimero\Desktop\JRT.exe
    [2013/02/03 19:38:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/02/03 14:36:58 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/02/03 08:14:09 | 000,000,000 | ---D | C] -- C:\Users\Calimero\Desktop\AV
    [2013/02/03 04:51:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/02/03 04:29:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/02/03 04:29:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/02/03 04:29:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/02/03 04:19:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/03 04:18:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/02/03 01:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/02/03 00:22:24 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Roaming\Malwarebytes
    [2013/02/03 00:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/03 00:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/02/03 00:22:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/02/03 00:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/02/02 23:12:03 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Roaming\tor
    [2013/02/02 23:12:03 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Roaming\Puaquh
    [2013/02/02 23:12:03 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Roaming\Odtoy
    [2013/02/01 22:06:25 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Local\GameMaker8.1
    [2013/02/01 22:06:21 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Local\YoYo_Games_Ltd
    [2013/02/01 22:05:42 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker 8.1
    [2013/02/01 22:05:42 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Roaming\GameMaker
    [2013/02/01 21:02:25 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Local\PreEmptive Solutions
    [2013/02/01 18:51:02 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Local\CrashDumps
    [2013/02/01 18:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLeecher
    [2013/01/26 22:08:54 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Roaming\Elephant Games
    [2013/01/26 22:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games
    [2013/01/24 21:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2013/01/24 21:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2013/01/13 21:49:45 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Roaming\digipen
    [2013/01/13 21:49:45 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Local\digipen
    [2013/01/13 15:13:28 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Local\DigitalVolcano
    [2013/01/13 14:42:12 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner
    [2013/01/13 14:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duplicate Cleaner
    [2013/01/12 14:40:04 | 000,000,000 | ---D | C] -- C:\Users\Calimero\Documents\ZPS15
    [2013/01/12 14:40:03 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Roaming\Zoner
    [2013/01/12 14:40:03 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Local\Zoner
    [2013/01/12 14:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoner
    [2013/01/12 14:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 15
    [2013/01/12 14:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Zoner
    [2013/01/10 22:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alawar
    [2013/01/07 22:20:55 | 000,000,000 | ---D | C] -- C:\Users\Calimero\AppData\Roaming\SolEol
    [2012/04/25 22:02:53 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Calimero\AppData\Roaming\pcouffin.sys
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/03 20:08:37 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/03 20:08:37 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/03 20:01:27 | 000,002,010 | ---- | M] () -- C:\Users\Calimero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Deskjet 3070 B611 series.lnk
    [2013/02/03 20:01:26 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
    [2013/02/03 20:01:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/03 20:01:08 | 477,384,703 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/03 20:01:07 | 000,621,504 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
    [2013/02/03 20:00:30 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
    [2013/02/03 19:50:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Calimero\Desktop\OTL.exe
    [2013/02/03 19:49:58 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Calimero\Desktop\JRT.exe
    [2013/02/03 05:29:42 | 001,662,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/03 05:29:42 | 000,745,268 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2013/02/03 05:29:42 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/03 05:29:42 | 000,148,786 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2013/02/03 05:29:42 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/03 04:48:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/02/03 00:34:39 | 000,001,617 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2013/02/01 21:19:41 | 000,001,003 | ---- | M] () -- C:\Users\Calimero\Application Data\Microsoft\Internet Explorer\Quick Launch\NewsLeecher.lnk
    [2013/01/28 21:29:50 | 000,406,911 | ---- | M] () -- C:\Users\Calimero\Documents\Scan0005.jpg
    [2013/01/28 21:28:09 | 000,426,278 | ---- | M] () -- C:\Users\Calimero\Documents\Scan0004.jpg
    [2013/01/28 21:25:36 | 000,000,980 | ---- | M] () -- C:\Users\Calimero\Desktop\HPPSdr.exe - Raccourci.lnk
    [2013/01/27 21:07:19 | 000,143,585 | ---- | M] () -- C:\Users\Calimero\Documents\Scan0003.jpg
    [2013/01/27 14:19:52 | 000,000,913 | ---- | M] () -- C:\Users\Calimero\Desktop\Surface_MysteryOfAnotherWorldCE.exe.exe - Raccourci.lnk
    [2013/01/13 14:55:03 | 000,001,854 | ---- | M] () -- C:\Users\Calimero\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2013/01/13 10:47:18 | 000,002,362 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
    [2013/01/12 14:37:33 | 000,001,904 | ---- | M] () -- C:\Users\Calimero\Application Data\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 15.lnk
    [2013/01/12 14:37:33 | 000,001,904 | ---- | M] () -- C:\Users\Calimero\Application Data\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 15 x64.lnk
    [2013/01/10 14:20:59 | 003,001,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/09 07:12:13 | 001,644,828 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/01/07 22:21:24 | 000,000,649 | ---- | M] () -- C:\Users\Calimero\AppData\Roaming\SolEol.cfg
    [2013/01/06 15:35:45 | 000,000,883 | ---- | M] () -- C:\Users\Calimero\Desktop\_Photos - Raccourci.lnk
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/03 08:13:02 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/02/03 04:29:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/02/03 04:29:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/02/03 04:29:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/02/03 04:29:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/02/03 04:29:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/28 21:29:50 | 000,406,911 | ---- | C] () -- C:\Users\Calimero\Documents\Scan0005.jpg
    [2013/01/28 21:28:09 | 000,426,278 | ---- | C] () -- C:\Users\Calimero\Documents\Scan0004.jpg
    [2013/01/28 21:25:36 | 000,000,980 | ---- | C] () -- C:\Users\Calimero\Desktop\HPPSdr.exe - Raccourci.lnk
    [2013/01/27 21:07:19 | 000,143,585 | ---- | C] () -- C:\Users\Calimero\Documents\Scan0003.jpg
    [2013/01/27 14:19:52 | 000,000,913 | ---- | C] () -- C:\Users\Calimero\Desktop\Surface_MysteryOfAnotherWorldCE.exe.exe - Raccourci.lnk
    [2013/01/24 22:00:51 | 000,002,010 | ---- | C] () -- C:\Users\Calimero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Deskjet 3070 B611 series.lnk
    [2013/01/12 14:37:33 | 000,001,904 | ---- | C] () -- C:\Users\Calimero\Application Data\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 15.lnk
    [2013/01/12 14:37:33 | 000,001,904 | ---- | C] () -- C:\Users\Calimero\Application Data\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 15 x64.lnk
    [2013/01/07 22:20:51 | 000,000,649 | ---- | C] () -- C:\Users\Calimero\AppData\Roaming\SolEol.cfg
    [2013/01/06 21:20:52 | 001,481,576 | ---- | C] () -- C:\Users\Calimero\Desktop\DSCF6633.JPG
    [2013/01/06 21:19:35 | 001,573,874 | ---- | C] () -- C:\Users\Calimero\Desktop\DSCF6646.JPG
    [2013/01/06 21:19:19 | 001,550,365 | ---- | C] () -- C:\Users\Calimero\Desktop\DSCF6644.JPG
    [2013/01/06 21:14:13 | 001,627,545 | ---- | C] () -- C:\Users\Calimero\Desktop\DSCF6554.JPG
    [2013/01/06 15:35:45 | 000,000,883 | ---- | C] () -- C:\Users\Calimero\Desktop\_Photos - Raccourci.lnk
    [2012/12/26 14:46:55 | 000,157,776 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/12/02 15:09:34 | 000,000,020 | ---- | C] () -- C:\Windows\SpaceTaxi.INI
    [2012/12/01 13:22:51 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/12/01 13:22:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/10/27 14:06:23 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2012/10/27 14:06:23 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
    [2012/10/27 14:06:23 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
    [2012/09/06 20:41:41 | 000,000,013 | ---- | C] () -- C:\Users\Calimero\cvdm.err
    [2012/05/23 17:09:39 | 000,000,089 | ---- | C] () -- C:\Windows\TLCAPPS.INI
    [2012/05/18 17:19:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/04/25 22:02:53 | 000,099,384 | ---- | C] () -- C:\Users\Calimero\AppData\Roaming\inst.exe
    [2012/04/25 22:02:53 | 000,007,859 | ---- | C] () -- C:\Users\Calimero\AppData\Roaming\pcouffin.cat
    [2012/04/25 22:02:53 | 000,001,167 | ---- | C] () -- C:\Users\Calimero\AppData\Roaming\pcouffin.inf
    [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/10/08 11:44:14 | 000,000,178 | ---- | C] () -- C:\Windows\disneysy.ini
    [2011/05/14 21:15:57 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/04/07 21:42:56 | 000,001,189 | ---- | C] () -- C:\Users\Calimero\AppData\Roaming\vso_ts_preview.xml
    [2011/03/11 17:46:41 | 000,000,524 | ---- | C] () -- C:\Windows\hegames.ini
    [2011/01/30 23:12:48 | 000,007,616 | ---- | C] () -- C:\Users\Calimero\AppData\Local\Resmon.ResmonCfg
    [2011/01/19 21:28:47 | 000,000,025 | ---- | C] () -- C:\Users\Calimero\AppData\Roaming\bdfvconp.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  24. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    OTL.txt (part2):

    ========== LOP Check ==========

    [2012/01/15 15:14:05 | 000,000,000 | ---D | M] -- C:\Users\Administrateur\AppData\Roaming\BitDefender
    [2012/04/29 15:50:35 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\.mono
    [2012/01/24 21:57:09 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\8-Bit Commando
    [2011/06/04 00:00:03 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Airport Control Simulator
    [2011/07/27 21:13:10 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Alawar Entertainment
    [2012/12/25 13:19:23 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\AnvSoft
    [2011/09/23 21:54:38 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Awem
    [2013/01/13 20:48:30 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Azureus
    [2011/10/22 09:26:37 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Big Fish Games
    [2011/01/16 10:22:39 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\BitDefender
    [2011/10/14 21:51:23 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\BlackBean
    [2011/04/25 13:06:15 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Bridge!
    [2012/12/24 16:03:24 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\brucefilm.stay-dead
    [2011/11/02 16:19:59 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Canneverbe Limited
    [2012/07/01 09:14:03 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Carbon
    [2011/11/26 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\CardBoard Castle
    [2012/03/02 23:31:43 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Cobra Mobile
    [2011/09/28 21:50:17 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\CPC Loader
    [2012/02/12 22:01:42 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\DarknessII
    [2013/01/13 21:49:45 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\digipen
    [2011/01/29 16:39:06 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Disney Interactive
    [2011/05/16 20:48:14 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\DisneyInteractiveStudios
    [2011/01/29 21:31:43 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Disruptive Innovations SARL
    [2013/01/25 21:56:39 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Doublefine
    [2011/07/15 22:05:24 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\dp3d
    [2013/01/27 12:59:54 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Elephant Games
    [2012/02/12 11:24:36 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\FileZilla
    [2012/06/22 22:56:07 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\flightgear.org
    [2012/06/22 22:45:08 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\fltk.org
    [2013/01/13 15:13:35 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\foobar2000
    [2011/03/13 21:44:04 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\fotw
    [2012/02/29 22:35:31 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Friday's games
    [2011/10/22 22:30:13 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Funzai!
    [2013/02/01 22:06:25 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\GameMaker
    [2011/09/10 22:09:34 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\GameMill Entertainment
    [2012/04/12 03:13:20 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\GOG.com
    [2012/03/13 21:06:27 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\GrabPro
    [2011/09/09 22:43:15 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Hothead Games
    [2011/04/03 15:23:35 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\ImgBurn
    [2011/02/18 21:55:47 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\InfraRecorder
    [2011/10/10 20:17:18 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Kalypso Media
    [2011/07/30 19:56:09 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Lazy 8 Studios
    [2011/11/27 21:42:08 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\LegacyInteractive
    [2011/03/12 01:39:47 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\LittleGamesCompany
    [2012/04/18 20:43:27 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\LS
    [2011/09/18 13:53:50 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\LucasArts
    [2011/01/27 21:36:08 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Namco
    [2011/05/14 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\National Geographic Challenge!
    [2013/02/01 21:22:45 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\NewsLeecher
    [2011/01/29 21:30:52 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Notepad++
    [2013/02/02 23:14:41 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Odtoy
    [2012/03/13 23:07:13 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Orbit
    [2011/01/30 21:20:04 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\PDF Writer
    [2011/01/16 01:55:29 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\PeaZip
    [2012/04/29 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Pole Position 2012
    [2011/01/24 23:07:41 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\PowerMapper Software
    [2012/03/13 21:06:54 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\ProgSense
    [2012/02/14 20:51:07 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\ProtectDisc
    [2013/02/03 00:32:32 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Puaquh
    [2012/01/30 23:22:13 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\RenPy
    [2012/11/10 11:40:36 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Rovio
    [2012/09/22 12:20:11 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\runic games
    [2011/01/29 22:25:52 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\ScummVM
    [2011/08/10 22:15:10 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\SharePod
    [2013/01/07 22:20:55 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\SolEol
    [2012/06/22 22:49:01 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Subversion
    [2012/12/28 15:57:00 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\TagScanner
    [2011/01/30 21:53:05 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\The Longest Journey
    [2012/04/24 20:32:20 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Thunderbird
    [2011/12/08 22:11:31 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Trine2
    [2011/01/23 22:05:31 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Ubisoft
    [2012/03/11 19:24:51 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Ulead Systems
    [2011/01/19 22:15:55 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Unity
    [2011/11/22 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\VenusHostage
    [2011/11/01 21:43:02 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Voxatron
    [2012/04/25 22:02:53 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Vso
    [2012/11/25 00:41:24 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Warner Bros. Interactive Entertainment
    [2011/08/10 21:14:01 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\WindSolutions
    [2013/01/12 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\Calimero\AppData\Roaming\Zoner

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 368 bytes -> C:\Users\Calimero\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:9A870F8B
    @Alternate Data Stream - 190 bytes -> C:\ProgramData\Temp:8E5EA40F
    @Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:58E38390

    < End of report >
  25. Cal_74

    Cal_74 Newcomer, in training Topic Starter Posts: 37

    Extras.txt:

    OTL Extras logfile created on: 03/02/2013 20:18:12 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Calimero\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040c | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

    5,93 Gb Total Physical Memory | 4,01 Gb Available Physical Memory | 67,62% Memory free
    11,85 Gb Paging File | 9,59 Gb Available in Paging File | 80,97% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 116,44 Gb Total Space | 47,11 Gb Free Space | 40,46% Space Free | Partition Type: NTFS
    Drive D: | 327,83 Gb Total Space | 86,39 Gb Free Space | 26,35% Space Free | Partition Type: NTFS
    Drive H: | 7,21 Gb Total Space | 7,19 Gb Free Space | 99,72% Space Free | Partition Type: FAT32

    Computer Name: ASUS_CAL | User Name: Calimero | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3955869695-4156559446-3699184568-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1954A2E1-C429-442C-A07C-28C9268A29E4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{1D354192-5FB7-47A9-935B-1F7AFA9E8DDD}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{20F83506-8663-4C42-98C9-66C5C0356EAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3E904493-2030-4AB9-9476-DF58B6E2DBAC}" = rport=139 | protocol=6 | dir=out | app=system |
    "{438319C8-22BA-4616-A03B-92E3E6E6844D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{45C8903B-167C-4D26-8296-935BC6F798EF}" = rport=445 | protocol=6 | dir=out | app=system |
    "{47C704BA-BE25-4E52-8D09-EC1E0829975A}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{51C69227-862E-4780-A15E-A5BC5DAF152B}" = lport=137 | protocol=17 | dir=in | app=system |
    "{55E0A87C-9782-41A6-82D3-D40A6341914F}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
    "{56E55807-ED58-49E7-989B-BE5C046D01E4}" = lport=445 | protocol=6 | dir=in | app=system |
    "{5C2BB908-ADCF-4D01-A648-AD8BF33FDE55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{64C202BE-D118-4FED-AC2F-40A9456D7606}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{690D75BD-BC48-47D0-A152-00FE145375E8}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
    "{6E68C10F-501E-45D1-8509-5150E4ADAAA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{72BA442E-E9B9-4FAE-8B1E-5E5D1175AA43}" = lport=138 | protocol=17 | dir=in | app=system |
    "{730D7BEE-5F40-4C1D-BFDF-0634852EFF76}" = lport=139 | protocol=6 | dir=in | app=system |
    "{8183430B-EDBF-483D-8BB9-5CBA172B06B8}" = rport=138 | protocol=17 | dir=out | app=system |
    "{950BBA90-5E38-4B1F-BFD1-52E356E34164}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9C968D55-3A8F-4C7B-A074-2EAF4AADB7E5}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{A0C3F661-DEAC-427C-9391-A05CC579530A}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{A61C69D4-01E7-4A75-AA02-5F31346B307D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AADAFC8D-0AF7-4CC2-B083-332ED4F5A864}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{AF9604AA-606D-4965-B02C-E7EE37492F0F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{BA076010-0CD1-41FA-8F0E-884FAD068551}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{C43991C1-D969-4275-AF84-7BDEAD993CCF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D32EB935-976F-4870-B521-1CB6B44F90A8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DBE262C7-99E2-487E-A66F-84B1657BC223}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DBF11E30-C743-45BE-9FF3-CBB652FF6C16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F48B53A9-6553-4732-B835-51F211F46FC2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04A07822-3FD4-4D17-B08C-1779CEED8AEA}" = protocol=6 | dir=out | app=system |
    "{0DC8CB88-4034-4D94-AF31-2B0AD0F22F69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{19206468-5D3E-4E90-8922-2CCC9A109328}" = dir=in | app=c:\program files (x86)\prtg network monitor\prtg server.exe |
    "{1966AAE4-A1ED-489A-AEBB-3B0F0175570D}" = protocol=17 | dir=in | app=c:\users\calimero\appdata\local\temp\7zs0bb7\hpdiagnosticcoreui.exe |
    "{1A9ED20A-FD9C-4949-90ED-0B12494863F7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{1B0BC17B-6075-49E1-BA5F-9DF31829A8E9}" = dir=in | app=c:\program files (x86)\prtg network monitor\prtg probe.exe |
    "{23F61A62-1EF7-4F05-BF46-C20ABB474A82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{25792C27-42B7-4B0C-B16C-7FE7A81A3A70}" = protocol=6 | dir=in | app=c:\users\calimero\appdata\local\temp\7zs1743\hpdiagnosticcoreui.exe |
    "{28720CE7-8D4D-4CFB-8625-DC156E01CE6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2AA356F8-CBC0-4214-AFF5-15E96DE553AA}" = protocol=17 | dir=in | app=d:\games\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
    "{2DF2C0E2-6A3A-4C6E-9AAF-A957A7340BF0}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe |
    "{2EFE3289-8159-48D6-B07C-BA46905F7CF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3BEC32D6-3C95-45DE-9459-EB41E12CA9BE}" = dir=in | app=c:\program files (x86)\prtg network monitor\prtg server administrator.exe |
    "{4943B671-5363-4DAB-A9D5-3D6A04264693}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4BED1087-3B13-42C9-AF79-139F5200FD21}" = protocol=17 | dir=in | app=c:\users\calimero\appdata\local\temp\7zs6502\hpdiagnosticcoreui.exe |
    "{51C42C91-1960-4968-A873-80A665BB539E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{563F9CFC-CE67-47F5-BF8A-8749B0F939AB}" = protocol=17 | dir=in | app=d:\games\rayman origins\rayman origins.exe |
    "{5C852051-02CE-4D89-B4E2-983D8143667E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6550E33F-B1E7-402B-AD50-9F61D95A0FC3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{6931C23B-1D4B-4B80-BA0C-DFAB5E8A1273}" = protocol=6 | dir=in | app=d:\games\rayman origins\rayman origins.exe |
    "{6E997CF1-6253-4DCC-A32A-F9EEB3A3BC71}" = protocol=6 | dir=in | app=d:\games\rayman origins\gu.exe |
    "{7098CEDC-D244-4560-AF44-043308D248CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{730348D6-BD86-44E7-B0B3-34E92D3F7B50}" = protocol=17 | dir=in | app=c:\users\calimero\appdata\local\temp\7zs6b7f\hpdiagnosticcoreui.exe |
    "{75C6B3C7-F335-4FFA-8647-B384C5F65307}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{7920C59D-A0C9-4C14-B100-3B7A6A11F52D}" = dir=in | app=d:\games\gog.com\stacking\stack.exe |
    "{795B9922-E8CB-447F-9049-36B0AE59092A}" = protocol=6 | dir=in | app=d:\games\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
    "{799B9620-722E-4182-A4DC-CF108FC4FD5A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8078EDD1-308B-4D14-892F-3CC66B82F459}" = protocol=17 | dir=in | app=d:\games\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
    "{824C7E1F-C7B0-42C7-A3B7-2E66BF2EC15E}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe |
    "{86FC0454-A34C-43A3-96BC-D391591427A8}" = protocol=17 | dir=in | app=d:\games\les aventures de tintin - le secret de la licorne\tintin.exe |
    "{8943FD1C-C799-4296-96C5-A1D859CA87DE}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
    "{8B5E7C2E-265F-4E7A-90C7-814D32F1CE54}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{92B17BBE-11F2-471A-8F27-581615870CB1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{A4585FFA-D493-4466-8807-40EAAA7C4A0B}" = protocol=17 | dir=in | app=d:\games\nfs hot pursuit\launcher.exe |
    "{A7A367D8-11FC-4AE3-B81F-FDCB1404C635}" = protocol=6 | dir=in | app=d:\games\nfs hot pursuit\launcher.exe |
    "{A91BCFCA-C96C-4DA0-92FD-B20AF5366226}" = protocol=17 | dir=in | app=c:\users\calimero\appdata\local\temp\7zs1743\hpdiagnosticcoreui.exe |
    "{B0501C07-D325-4EC1-B451-7AE7F8A3C7C7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B5C71D4B-8B51-4E89-BFF3-A70F404F4489}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B6B2F162-D375-428F-8477-E12B4B980A64}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B7360411-D07C-4519-8EC6-095A28E02CA2}" = protocol=6 | dir=in | app=c:\users\calimero\appdata\local\temp\7zs6b7f\hpdiagnosticcoreui.exe |
    "{B80F27BD-1229-4FE8-98BA-6DBA1D9F7426}" = protocol=17 | dir=in | app=d:\games\rayman origins\gu.exe |
    "{BB8D0095-38A4-4467-A481-78BC47C4FCEF}" = protocol=6 | dir=in | app=d:\games\les aventures de tintin - le secret de la licorne\tintin.exe |
    "{BE575034-F6F1-43E8-871F-BE192328DF3E}" = protocol=17 | dir=in | app=d:\games\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
    "{BED077F3-C49C-4A04-8D64-BBB32FEB6D4B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{C0B4D17F-19A9-4481-A8B1-302CFBC20862}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{C4F23CA2-4B89-4379-9A88-57AD111C3378}" = protocol=6 | dir=in | app=d:\games\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
    "{C6A6F012-70F6-4EB0-BFF9-B63777DD9A5C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C7021C52-2388-424E-B1CF-459460D18616}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
    "{C7CBDB9A-30C0-4BC7-B8AC-DFB881F48189}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C9748E12-C9C8-49A4-BEF1-5A044841016E}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{C9824A06-15AC-4CDE-97CE-B376316FFFAC}" = protocol=6 | dir=in | app=c:\users\calimero\appdata\local\temp\7zs520a\hpdiagnosticcoreui.exe |
    "{C9B32BFE-53C1-4403-AE71-AEC069118E49}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{DC9838A9-EE48-4613-9A07-E7435EA59472}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{DCD3FE5A-32DA-4F71-AB58-A7404D1D7636}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E0D9FEA1-DDD4-42D1-A6D5-6DA897B9AD67}" = protocol=6 | dir=in | app=c:\users\calimero\appdata\local\temp\7zs6502\hpdiagnosticcoreui.exe |
    "{E1DBD2DB-10B6-4FEB-8650-7865E6A1E83D}" = protocol=6 | dir=in | app=d:\games\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
    "{E35C8944-1467-416E-B469-D1BD8FBD2156}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{E910CF38-CF8A-43D8-B528-56D9E539E69C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{EEAD6EF2-A4C7-4CB5-A976-F4DB5EC6CE47}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{EFD90CEA-7805-4FB0-A936-DA3FE3F5F05C}" = protocol=17 | dir=in | app=c:\users\calimero\appdata\local\temp\7zs520a\hpdiagnosticcoreui.exe |
    "{F05D824E-BCD0-42CC-9594-FBAB9AE1FFAA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{F111083C-5420-47AA-81AA-21F95BFAD774}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{F549AF22-F235-4792-BD8E-EB9690056DC8}" = protocol=6 | dir=in | app=c:\users\calimero\appdata\local\temp\7zs0bb7\hpdiagnosticcoreui.exe |
    "{F5A3AB0C-86C1-440D-80F3-D26517D4C58E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{F8C89BAA-4B19-47C0-B992-4BEED4A09A18}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{FBC0B395-4A09-4D18-8DE9-2A9A42E2BB67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{519EB202-2535-4A74-8314-48B53DD4719A}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{CB9B44CA-3A93-4F25-9782-B2971B7B86D5}D:\games\precursors\precursors.exe" = protocol=6 | dir=in | app=d:\games\precursors\precursors.exe |
    "TCP Query User{FBBA9C34-E2B8-48DF-8EB5-CCD6E9F81976}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
    "UDP Query User{076939FD-AD52-4E91-A860-0572942A15FF}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{31F7D424-1BF6-4F42-90C2-8424EDA5E1BA}D:\games\precursors\precursors.exe" = protocol=17 | dir=in | app=d:\games\precursors\precursors.exe |
    "UDP Query User{615B684D-FFCF-47BD-9B39-509F46688AD5}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0DFF6117-CBBC-4F5C-9C57-6936644F10D4}" = BitDefender Internet Security 2010
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
    "{27DEFFDD-A0F8-4F16-AED1-C7A75266CBFC}" = Logiciel de base du périphérique HP Deskjet 3070 B611 series
    "{28B9DDB5-9D16-4570-8C96-DECE5B9869FA}" = Fresco Logic USB3.0 Host Controller
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2C22EA92-CB30-4932-0051-000001000000}" = InfraRecorder 0.51 (x64 edition)
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{45CD67FD-3218-4207-A0A2-BC41245189E3}" = Microsoft Xbox 360 Accessories 1.2
    "{4788CFB6-7C58-49CC-AB1C-D0E4ACE8A03B}" = O&O DriveLED Professional
    "{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.6
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9E96DFB0-0BE0-367A-BB8E-7790ACFF0B56}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Mises à jour NVIDIA 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Pilote audio HD : 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}" = O&O Defrag Professional
    "{D000D1C0-6E80-4FC4-BE4E-A88872C0616F}" = Share64
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1218
    "Hide Folders 2009_is1" = Hide Folders 2009 3.1 for Windows XP/Vista
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA" = Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "Recuva" = Recuva
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "USB2.0 UVC 2M WebCam" = USB2.0 UVC 2M WebCam
    "ZonerPhotoStudio15_EN_is1" = Zoner Photo Studio 15

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{1A1BD41E-9854-4957-8959-F9559A8862A7}" = Corel VideoStudio Pro X5
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
    "{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1A1BD41E-9854-4957-8959-F9559A8862A7}" = ICA
    "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
    "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34647679-5D7E-455C-9DC6-618FA3B7FE1A}" = Disney Princesses - Mon Royaume Enchanté
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters (TM): The Video Game
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{43430FA0-4A2E-404A-B715-951000018101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
    "{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
    "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.3.5
    "{47A42582-C98A-49AC-A0E4-9AFFA2D6C2E5}" = CP avec Disney le Livre de la Jungle
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{5482BE9D-4E8F-451A-8A06-3E85F2296CAD}" = Les Aventures de Porcinet
    "{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5BB655D4-07D7-45E3-B852-FF869EA628A1}" = VSPro
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{64958DA4-79D3-43FD-AF06-720DAD044F9E}" = LEGO® Pirates of the Caribbean The Video Game
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{66863AD3-EA43-4D99-B6F0-9A47E315AF86}" = Larry
    "{66C70B5F-730F-4C5D-9FC5-8E56D0FE7D53}" = IPM_VS_Pro
    "{67D0313C-4F15-437D-9A2D-C1564088A26A}" = Windows Live Sync
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
    "{6A6F7B28-E178-47AC-8654-A654ADA6C777}" = VSHelp
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7BF67A61-BE7C-4806-B93C-97F299D6A6FE}" = ASUS AI Recovery
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8AA4F966-EF4B-44D8-99AA-C4EA93B46863}" = VSClassic
    "{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
    "{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1" = GPU Temp version 1.0
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Aide
    "{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
    "{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A8474415-5F34-4224-9B46-EB19B67F9AD5}_is1" = Les Schtroumpfs - le téléportaschtroumpf version V1.0
    "{A8887C7B-0BCC-4FBF-BCEB-9BB4D4B14999}" = Setup
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B489D5F8-D960-4399-9286-C59BF21991B5}" = Frère des Ours
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}" = LEGO® The Lord of the Rings™
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C8E9B58D-637E-4E4D-B3BD-DCB1F14DBA9F}" = Activision(R)
    "{CA486743-5F44-40D5-A38B-77911FB27579}" = Contents
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.5.1 Game
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DC76D52B-1266-4A73-9020-02694193B907}" = Jamestown: Legend of the Lost Colony
    "{DCDC6934-7428-489E-8651-90B53191488B}" = ISCOM
    "{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{EEBEF66A-70FD-4DF6-B173-82D07E61853E}" = Share
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "A Walk In The Dark (c) Flying Turtle Software_is1" = A Walk In The Dark (c) Flying Turtle Software
    "AC3Filter_is1" = AC3Filter 1.62b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
    "Any Video Converter_is1" = Any Video Converter 3.5.8
    "ASUS AP Bank_is1" = ASUS AP Bank
    "ASUS VIBE" = ASUS VIBE
    "BIT.TRIP RUNNER" = BIT.TRIP RUNNER (remove only)
    "Desperados Wanted Dead or Alive_is1" = Desperados Wanted Dead or Alive
    "Diablo III" = Diablo III
    "DiscJuggler" = DiscJuggler
    "Dishonored (c) Bethesda Softworks_is1" = Dishonored (c) Bethesda Softworks version 1
    "DivX Setup" = DivX Setup
    "Duplicate Cleaner Free" = Duplicate Cleaner Free 3.0.1
    "DVD Shrink_is1" = DVD Shrink 3.2
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
    "foobar2000" = foobar2000 v1.1.10
    "Giana Sisters - Twisted Dreams_is1" = Giana Sisters - Twisted Dreams
    "GOGPACKSCREAMER2_is1" = Screamer 2
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
    "HackerEvolutionDuality" = Hacker Evolution Duality(remove only)
    "ImgBurn" = ImgBurn
    "ImTOO DVD Ripper Platinum 5" = ImTOO DVD Ripper Platinum 5
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "InstallShield_{C8E9B58D-637E-4E4D-B3BD-DCB1F14DBA9F}" = L'Age de Glace(TM) 4 - La dérive des continents - Jeux de l'Arctique
    "Lapin Malin Cours Préparatoire ADAPT" = Lapin Malin Cours Préparatoire ADAPT
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NewsLeecher_is1" = NewsLeecher v5.0 Beta 6
    "Notepad++" = Notepad++
    "Ootake_is1" = Ootake ver2.62
    "OpenAL" = OpenAL
    "Puddle_is1" = Puddle
    "QuickPar" = QuickPar 0.9
    "Rollercoaster Rush_is1" = Rollercoaster Rush
    "Super Meat Boy v1.5_is1" = Super Meat Boy v1.5
    "TagScanner_is1" = TagScanner 5.1.625
    "The Witcher 2 - Assassins of Kings_is1" = The Witcher 2 - Assassins of Kings
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Uplay" = Uplay
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 2.0.0
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-4
    "WinLiveSuite" = Windows Live
    "WinPcapInst" = WinPcap 4.1.1
    "WinUAE" = WinUAE 2.3.3
    "XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
    "XviD" = XviD MPEG-4 Codec
    "Zumas Revenge! - Adventure_is1" = Zumas Revenge! - Adventure

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3955869695-4156559446-3699184568-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "FileZilla Client" = FileZilla Client 3.3.5.1
    "GameMaker81" = GameMaker 8.1
    "pdfsam" = pdfsam
    "UnityWebPlayer" = Unity Web Player

    < End of report >

