Win64/Sirefef trojan removal help request

Solved
By aliciaw
Jul 30, 2012
  1. Hi. Just started getting those pop-up notifications from Microsoft Security Essentials and started getting redirected to random websites and stuff. Found out it was a Win64/sirefef trojan, and went looking to find ways to remove it.

    I know I'm not meant to follow instructions given to others... I read through some other posts and realized that the FRST program should be run first, right? but that's as far as I went. I'm really not too sure about the rest of the process... I've posted the logs for the first FRST run, and the one where services.exe is searched for. Can someone please help me?

    Thanks,
    Alicia.

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 30-07-2012 18:05:33
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-09] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-09] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-09] (Intel Corporation)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [47616 2011-08-11] (Windows (R) Win 7 DDK provider)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-05-07] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKU\AliciaSueYee\...\Run: [Google Update] "C:\Users\AliciaSueYee\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-11] (Google Inc.)
    HKU\AliciaSueYee\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
    HKU\AliciaSueYee\...\Run: [Facebook Update] "C:\Users\AliciaSueYee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-16] (Facebook Inc.)
    HKU\AliciaSueYee\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-04-11] (Google Inc.)
    HKU\AliciaSueYee\...\Run: [AdobeBridge] [x]
    HKU\AliciaSueYee\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\AliciaSueYee\...\Run: [IBM] rundll32.exe "C:\Users\AliciaSueYee\AppData\Local\Mozilla\IBM\uctnh.dll",CreateInstance [425984 2012-07-30] (SEIKO EPSON CORPORATION)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\AliciaSueYee\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\AliciaSueYee\Start Menu\Programs\Startup\Facebook Messenger.lnk
    ShortcutTarget: Facebook Messenger.lnk -> (No File)
    Startup: C:\Users\AliciaSueYee\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\AliciaSueYee\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Services (Whitelisted) ======

    2 CLKMSVC10_38F51D56; "C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe" /svc [241648 2011-02-24] (CyberLink)
    2 FPLService; "C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe" [260424 2011-08-26] (HP)
    2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656536 2011-08-09] (Intel Corporation)

    ========================== Drivers (Whitelisted) =============

    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-04-12] (DT Soft Ltd)
    3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
    2 IDMWFP; C:\Windows\System32\Drivers\IDMWFP.sys [149640 2012-02-07] (Tonec Inc.)
    1 bzauzhtw; \??\C:\Windows\system32\drivers\bzauzhtw.sys [x]
    1 ybtsrbid; \??\C:\Windows\system32\drivers\ybtsrbid.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-30 13:28 - 2012-07-30 13:28 - 02322184 ____A (ESET) C:\Users\AliciaSueYee\Downloads\esetsmartinstaller_enu.exe
    2012-07-30 13:24 - 2012-07-30 13:25 - 12621696 ____A (Microsoft Corporation) C:\Users\AliciaSueYee\Downloads\mseinstall(1).exe
    2012-07-30 13:18 - 2012-07-30 13:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9FE2FAF2B94D1F6
    2012-07-30 13:13 - 2012-07-30 13:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24A4F1AA4A338769
    2012-07-30 13:09 - 2012-07-30 13:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.646E8EFA69971057
    2012-07-30 13:04 - 2012-07-30 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.257A8B78D33AFE34
    2012-07-30 13:01 - 2012-07-30 13:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65E703590D180112
    2012-07-30 12:58 - 2012-07-30 12:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E96F3C519A57F521
    2012-07-30 12:55 - 2012-07-30 12:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD88C9432A0901BE
    2012-07-30 12:52 - 2012-07-30 12:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19FA7CD7D4577A2D
    2012-07-30 12:49 - 2012-07-30 12:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.954A9076AC008D1F
    2012-07-30 12:46 - 2012-07-30 12:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3180FB7F7C42E7D7
    2012-07-30 12:24 - 2012-07-30 12:24 - 00347424 ____A (Microsoft Corporation) C:\Users\AliciaSueYee\Downloads\MicrosoftFixit.WindowsFirewall.RNP.133267110647199226.1.1.Run.exe
    2012-07-29 12:15 - 2012-07-29 12:15 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-29 12:08 - 2012-07-29 12:08 - 00000012 ____A C:\Windows\srun.log
    2012-07-28 08:54 - 2012-07-28 08:54 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Local\{1D823631-B05E-41E6-8A14-10CA591DB209}
    2012-07-26 14:55 - 2012-07-26 14:55 - 00000425 ____A C:\Users\AliciaSueYee\Desktop\gaiman sandman.txt
    2012-07-26 12:08 - 2012-07-26 12:08 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Local\HorizonWimba
    2012-07-26 08:43 - 2012-07-26 08:43 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Local\Macromedia
    2012-07-26 06:32 - 2012-07-26 06:32 - 00054544 ____A C:\Users\AliciaSueYee\Downloads\16256_GALIRDN.ttf
    2012-07-26 06:31 - 2012-07-26 06:31 - 00041844 ____A C:\Users\AliciaSueYee\Downloads\square-slabserif-711-bold-bt.ttf
    2012-07-25 15:35 - 2012-07-25 15:37 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Local\Firestorm
    2012-07-25 15:35 - 2012-07-25 15:36 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Roaming\Firestorm
    2012-07-25 10:45 - 2012-07-25 10:47 - 00000000 ____D C:\Users\AliciaSueYee\Desktop\SFP NewsRoom
    2012-07-25 05:43 - 2012-07-25 05:46 - 00000000 ____D C:\Program Files (x86)\Firestorm-Release
    2012-07-23 21:42 - 2012-07-23 21:42 - 00001994 ____A C:\Users\AliciaSueYee\Desktop\Kindle.lnk
    2012-07-23 21:33 - 2012-07-23 21:45 - 00000000 ____D C:\Users\AliciaSueYee\Documents\Calibre Library
    2012-07-23 21:33 - 2012-07-23 21:36 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Roaming\calibre
    2012-07-23 21:33 - 2012-07-23 21:33 - 00000000 ____D C:\Program Files (x86)\Calibre2
    2012-07-23 21:17 - 2012-07-23 21:17 - 00000000 ____D C:\Users\AliciaSueYee\Downloads\Neil Gaiman
    2012-07-23 20:44 - 2012-07-23 20:45 - 09469165 ____A C:\Users\AliciaSueYee\Downloads\Neil Gaiman.rar
    2012-07-18 15:37 - 2012-07-30 09:39 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Local\Mozilla
    2012-07-18 15:37 - 2012-07-30 00:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-07-18 15:37 - 2012-07-18 15:37 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-07-18 15:37 - 2012-07-18 15:37 - 00001130 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
    2012-07-18 15:37 - 2012-07-18 15:37 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-07-18 15:37 - 2012-07-18 15:37 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
    2012-07-18 15:37 - 2012-07-18 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-07-16 10:07 - 2012-07-16 10:07 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-16 10:07 - 2012-07-16 10:07 - 00001783 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-07-16 10:07 - 2009-05-18 09:17 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-07-16 10:07 - 2008-04-17 08:12 - 00126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-07-16 10:07 - 2008-04-17 08:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-07-16 10:06 - 2012-07-16 10:07 - 00000000 ____D C:\Program Files\iTunes
    2012-07-16 10:06 - 2012-07-16 10:07 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-07-16 10:06 - 2012-07-16 10:06 - 00000000 ____D C:\Program Files\iPod
    2012-07-11 12:22 - 2012-07-23 19:40 - 00000115 ____A C:\Users\AliciaSueYee\webct_upload_applet.properties
    2012-07-10 16:46 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 16:42 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-10 16:42 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-10 16:42 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-10 16:42 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-10 16:42 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-10 16:42 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-10 16:42 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-10 16:42 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-10 16:42 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-10 16:42 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-10 16:42 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-10 16:42 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-10 16:42 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-10 16:42 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-10 16:42 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-10 16:42 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-10 16:42 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-10 16:42 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-10 16:42 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-10 16:42 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-10 16:42 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-10 16:42 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-10 16:42 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-10 16:42 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-10 16:42 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-10 16:42 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-10 16:42 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-10 16:42 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-10 16:35 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 16:35 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 16:35 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 16:35 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 16:35 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 16:35 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 16:35 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 16:35 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 16:35 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 16:35 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 16:35 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 16:35 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 16:35 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 16:35 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 16:35 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 16:35 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 16:35 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 16:35 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 16:35 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll


    ============ 3 Months Modified Files ========================

    2012-07-30 14:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-30 14:00 - 2009-07-13 20:51 - 00062364 ____A C:\Windows\setupact.log
    2012-07-30 13:47 - 2009-07-13 21:13 - 00779526 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-30 13:28 - 2012-07-30 13:28 - 02322184 ____A (ESET) C:\Users\AliciaSueYee\Downloads\esetsmartinstaller_enu.exe
    2012-07-30 13:28 - 2012-06-19 23:13 - 00002052 ____A C:\Windows\epplauncher.mif
    2012-07-30 13:27 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-30 13:27 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-30 13:25 - 2012-07-30 13:24 - 12621696 ____A (Microsoft Corporation) C:\Users\AliciaSueYee\Downloads\mseinstall(1).exe
    2012-07-30 13:20 - 2012-05-17 17:43 - 00264544 ____A C:\Windows\SysWOW64\debug.log
    2012-07-30 13:19 - 2012-04-11 07:31 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-30 13:18 - 2012-07-30 13:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9FE2FAF2B94D1F6
    2012-07-30 13:13 - 2012-07-30 13:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24A4F1AA4A338769
    2012-07-30 13:12 - 2012-04-01 19:00 - 01526527 ____A C:\Windows\WindowsUpdate.log
    2012-07-30 13:09 - 2012-07-30 13:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.646E8EFA69971057
    2012-07-30 13:04 - 2012-07-30 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.257A8B78D33AFE34
    2012-07-30 13:01 - 2012-07-30 13:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65E703590D180112
    2012-07-30 12:58 - 2012-07-30 12:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E96F3C519A57F521
    2012-07-30 12:57 - 2009-07-13 21:08 - 00032638 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-30 12:55 - 2012-07-30 12:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD88C9432A0901BE
    2012-07-30 12:52 - 2012-07-30 12:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19FA7CD7D4577A2D
    2012-07-30 12:49 - 2012-07-30 12:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.954A9076AC008D1F
    2012-07-30 12:46 - 2012-07-30 12:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3180FB7F7C42E7D7
    2012-07-30 12:46 - 2012-04-11 07:31 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-30 12:43 - 2012-06-05 18:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-30 12:33 - 2012-04-11 07:23 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001UA.job
    2012-07-30 12:24 - 2012-07-30 12:24 - 00347424 ____A (Microsoft Corporation) C:\Users\AliciaSueYee\Downloads\MicrosoftFixit.WindowsFirewall.RNP.133267110647199226.1.1.Run.exe
    2012-07-30 12:21 - 2012-04-11 07:38 - 00797112 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-30 11:21 - 2012-04-13 02:34 - 00000956 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001UA.job
    2012-07-29 19:46 - 2012-04-11 07:23 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001Core.job
    2012-07-29 14:21 - 2012-04-13 02:34 - 00000934 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001Core.job
    2012-07-29 12:08 - 2012-07-29 12:08 - 00000012 ____A C:\Windows\srun.log
    2012-07-27 22:28 - 2012-04-18 09:37 - 00000356 ____A C:\Windows\Tasks\HPCeeScheduleForALICIASUEYEE-HP$.job
    2012-07-27 08:44 - 2012-05-23 08:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-27 08:44 - 2011-11-09 09:33 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-26 14:55 - 2012-07-26 14:55 - 00000425 ____A C:\Users\AliciaSueYee\Desktop\gaiman sandman.txt
    2012-07-26 13:59 - 2009-07-13 20:45 - 05037360 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-26 13:58 - 2012-04-11 07:16 - 00000360 ____A C:\Windows\Tasks\HPCeeScheduleForAliciaSueYee.job
    2012-07-26 10:23 - 2012-05-03 15:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-07-26 10:23 - 2012-04-12 11:00 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-07-26 07:22 - 2012-04-11 07:16 - 00111880 ____A C:\Users\AliciaSueYee\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-26 06:32 - 2012-07-26 06:32 - 00054544 ____A C:\Users\AliciaSueYee\Downloads\16256_GALIRDN.ttf
    2012-07-26 06:31 - 2012-07-26 06:31 - 00041844 ____A C:\Users\AliciaSueYee\Downloads\square-slabserif-711-bold-bt.ttf
    2012-07-23 21:42 - 2012-07-23 21:42 - 00001994 ____A C:\Users\AliciaSueYee\Desktop\Kindle.lnk
    2012-07-23 21:41 - 2012-06-02 22:31 - 00000242 ____A C:\Windows\wininit.ini
    2012-07-23 20:45 - 2012-07-23 20:44 - 09469165 ____A C:\Users\AliciaSueYee\Downloads\Neil Gaiman.rar
    2012-07-23 19:40 - 2012-07-11 12:22 - 00000115 ____A C:\Users\AliciaSueYee\webct_upload_applet.properties
    2012-07-18 15:37 - 2012-07-18 15:37 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-07-18 15:37 - 2012-07-18 15:37 - 00001130 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
    2012-07-16 10:07 - 2012-07-16 10:07 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-16 10:07 - 2012-07-16 10:07 - 00001783 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-07-11 12:29 - 2012-04-11 07:30 - 00002439 ____A C:\Users\AliciaSueYee\Desktop\Google Chrome.lnk
    2012-07-10 16:43 - 2012-04-12 16:45 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-26 22:04 - 2012-06-26 22:04 - 00188768 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-06-20 05:58 - 2012-06-04 19:34 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-06-20 05:58 - 2012-06-04 19:34 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-06-19 23:13 - 2012-06-19 23:11 - 12621696 ____A (Microsoft Corporation) C:\Users\AliciaSueYee\Downloads\mseinstall.exe
    2012-06-19 23:09 - 2012-06-19 23:09 - 00001762 ____A C:\Users\AliciaSueYee\Desktop\Skype.lnk
    2012-06-19 22:52 - 2010-11-20 19:47 - 00669624 ____A C:\Windows\PFRO.log
    2012-06-11 19:08 - 2012-07-10 16:46 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-10 16:35 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 16:35 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-10 16:35 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 16:35 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 16:35 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 16:35 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 16:35 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 16:35 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-05 18:14 - 2012-06-05 18:14 - 00001829 ____A C:\Users\Public\Desktop\Opera.lnk
    2012-06-05 18:14 - 2012-06-05 18:14 - 00001829 ____A C:\Users\All Users\Desktop\Opera.lnk
    2012-06-02 22:31 - 2012-04-11 07:52 - 00001045 ____A C:\Users\AliciaSueYee\Desktop\Dropbox.lnk
    2012-06-02 14:19 - 2012-06-22 08:52 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 08:52 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 08:52 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 08:52 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 08:52 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-22 08:52 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-22 08:52 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-22 08:52 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-22 08:52 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-10 16:42 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-10 16:42 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-10 16:42 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-10 16:42 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-10 16:42 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-10 16:42 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-10 16:42 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-10 16:42 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-10 16:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-10 16:42 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-10 16:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-10 16:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-10 16:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-10 16:42 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-10 16:42 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-10 16:42 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-10 16:42 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-10 16:42 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-10 16:42 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-10 16:42 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-10 16:42 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-10 16:42 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-10 16:42 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-10 16:42 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-10 16:42 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-10 16:42 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-10 16:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-10 16:42 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-10 16:35 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 16:35 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 16:35 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 16:35 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 16:35 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 16:35 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 16:35 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 16:35 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 16:35 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-31 08:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-28 08:33 - 2012-05-23 15:00 - 00006444 ____A C:\Windows\SysWOW64\AppLog.log
    2012-05-25 16:30 - 2012-05-25 16:30 - 00031744 ____A C:\Users\AliciaSueYee\Downloads\Data_Set_4_-_Mothers_and_Daughters.xls
    2012-05-04 03:06 - 2012-06-12 21:40 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 21:40 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 21:40 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 00:46 - 2012-05-04 00:46 - 00002418 ____A C:\Users\AliciaSueYee\Desktop\GA Fall.txt


    ZeroAccess:
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\L
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\n
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\L\00000004.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\L\201d3dde
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\00000004.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\00000008.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\000000cb.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\80000000.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\80000032.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\80000064.@

    ZeroAccess:
    C:\Users\AliciaSueYee\AppData\Local\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}
    C:\Users\AliciaSueYee\AppData\Local\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\@
    C:\Users\AliciaSueYee\AppData\Local\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\L
    C:\Users\AliciaSueYee\AppData\Local\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 11%
    Total physical RAM: 8139.6 MB
    Available physical RAM: 7185.02 MB
    Total Pagefile: 8137.75 MB
    Available Pagefile: 7158.46 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:673.14 GB) (Free:552.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (Recovery) (Fixed) (Total:21.33 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
    5 Drive h: (ALICIA) (Removable) (Total:3.72 GB) (Free:2.83 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 0 B
    Disk 1 Online 3822 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 673 GB 200 MB
    Partition 3 Primary 21 GB 673 GB
    Partition 4 Primary 4062 MB 694 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 673 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 21 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 4062 MB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3818 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H ALICIA FAT32 Removable 3818 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-27 23:12

    ======================= End Of Log ==========================
  2. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    What Windows version is it?
  3. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

  4. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.
  5. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

    It's this one, right?

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 30-07-2012 18:33:38
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-09] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-09] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-09] (Intel Corporation)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [47616 2011-08-11] (Windows (R) Win 7 DDK provider)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-05-07] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKU\AliciaSueYee\...\Run: [Google Update] "C:\Users\AliciaSueYee\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-11] (Google Inc.)
    HKU\AliciaSueYee\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
    HKU\AliciaSueYee\...\Run: [Facebook Update] "C:\Users\AliciaSueYee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-16] (Facebook Inc.)
    HKU\AliciaSueYee\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-04-11] (Google Inc.)
    HKU\AliciaSueYee\...\Run: [AdobeBridge] [x]
    HKU\AliciaSueYee\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\AliciaSueYee\...\Run: [IBM] rundll32.exe "C:\Users\AliciaSueYee\AppData\Local\Mozilla\IBM\uctnh.dll",CreateInstance [425984 2012-07-30] (SEIKO EPSON CORPORATION)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\AliciaSueYee\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\AliciaSueYee\Start Menu\Programs\Startup\Facebook Messenger.lnk
    ShortcutTarget: Facebook Messenger.lnk -> (No File)
    Startup: C:\Users\AliciaSueYee\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\AliciaSueYee\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Services (Whitelisted) ======

    2 CLKMSVC10_38F51D56; "C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe" /svc [241648 2011-02-24] (CyberLink)
    2 FPLService; "C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe" [260424 2011-08-26] (HP)
    2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656536 2011-08-09] (Intel Corporation)

    ========================== Drivers (Whitelisted) =============

    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-04-12] (DT Soft Ltd)
    3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
    2 IDMWFP; C:\Windows\System32\Drivers\IDMWFP.sys [149640 2012-02-07] (Tonec Inc.)
    1 bzauzhtw; \??\C:\Windows\system32\drivers\bzauzhtw.sys [x]
    1 ybtsrbid; \??\C:\Windows\system32\drivers\ybtsrbid.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-30 13:28 - 2012-07-30 13:28 - 02322184 ____A (ESET) C:\Users\AliciaSueYee\Downloads\esetsmartinstaller_enu.exe
    2012-07-30 13:24 - 2012-07-30 13:25 - 12621696 ____A (Microsoft Corporation) C:\Users\AliciaSueYee\Downloads\mseinstall(1).exe
    2012-07-30 13:18 - 2012-07-30 13:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9FE2FAF2B94D1F6
    2012-07-30 13:13 - 2012-07-30 13:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24A4F1AA4A338769
    2012-07-30 13:09 - 2012-07-30 13:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.646E8EFA69971057
    2012-07-30 13:04 - 2012-07-30 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.257A8B78D33AFE34
    2012-07-30 13:01 - 2012-07-30 13:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65E703590D180112
    2012-07-30 12:58 - 2012-07-30 12:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E96F3C519A57F521
    2012-07-30 12:55 - 2012-07-30 12:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD88C9432A0901BE
    2012-07-30 12:52 - 2012-07-30 12:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19FA7CD7D4577A2D
    2012-07-30 12:49 - 2012-07-30 12:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.954A9076AC008D1F
    2012-07-30 12:46 - 2012-07-30 12:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3180FB7F7C42E7D7
    2012-07-30 12:24 - 2012-07-30 12:24 - 00347424 ____A (Microsoft Corporation) C:\Users\AliciaSueYee\Downloads\MicrosoftFixit.WindowsFirewall.RNP.133267110647199226.1.1.Run.exe
    2012-07-29 12:15 - 2012-07-29 12:15 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-29 12:08 - 2012-07-29 12:08 - 00000012 ____A C:\Windows\srun.log
    2012-07-28 08:54 - 2012-07-28 08:54 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Local\{1D823631-B05E-41E6-8A14-10CA591DB209}
    2012-07-26 14:55 - 2012-07-26 14:55 - 00000425 ____A C:\Users\AliciaSueYee\Desktop\gaiman sandman.txt
    2012-07-26 12:08 - 2012-07-26 12:08 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Local\HorizonWimba
    2012-07-26 08:43 - 2012-07-26 08:43 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Local\Macromedia
    2012-07-26 06:32 - 2012-07-26 06:32 - 00054544 ____A C:\Users\AliciaSueYee\Downloads\16256_GALIRDN.ttf
    2012-07-26 06:31 - 2012-07-26 06:31 - 00041844 ____A C:\Users\AliciaSueYee\Downloads\square-slabserif-711-bold-bt.ttf
    2012-07-25 15:35 - 2012-07-25 15:37 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Local\Firestorm
    2012-07-25 15:35 - 2012-07-25 15:36 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Roaming\Firestorm
    2012-07-25 10:45 - 2012-07-25 10:47 - 00000000 ____D C:\Users\AliciaSueYee\Desktop\SFP NewsRoom
    2012-07-25 05:43 - 2012-07-25 05:46 - 00000000 ____D C:\Program Files (x86)\Firestorm-Release
    2012-07-23 21:42 - 2012-07-23 21:42 - 00001994 ____A C:\Users\AliciaSueYee\Desktop\Kindle.lnk
    2012-07-23 21:33 - 2012-07-23 21:45 - 00000000 ____D C:\Users\AliciaSueYee\Documents\Calibre Library
    2012-07-23 21:33 - 2012-07-23 21:36 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Roaming\calibre
    2012-07-23 21:33 - 2012-07-23 21:33 - 00000000 ____D C:\Program Files (x86)\Calibre2
    2012-07-23 21:17 - 2012-07-23 21:17 - 00000000 ____D C:\Users\AliciaSueYee\Downloads\Neil Gaiman
    2012-07-23 20:44 - 2012-07-23 20:45 - 09469165 ____A C:\Users\AliciaSueYee\Downloads\Neil Gaiman.rar
    2012-07-18 15:37 - 2012-07-30 09:39 - 00000000 ____D C:\Users\AliciaSueYee\AppData\Local\Mozilla
    2012-07-18 15:37 - 2012-07-30 00:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-07-18 15:37 - 2012-07-18 15:37 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-07-18 15:37 - 2012-07-18 15:37 - 00001130 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
    2012-07-18 15:37 - 2012-07-18 15:37 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-07-18 15:37 - 2012-07-18 15:37 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
    2012-07-18 15:37 - 2012-07-18 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-07-16 10:07 - 2012-07-16 10:07 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-16 10:07 - 2012-07-16 10:07 - 00001783 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-07-16 10:07 - 2009-05-18 09:17 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-07-16 10:07 - 2008-04-17 08:12 - 00126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-07-16 10:07 - 2008-04-17 08:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-07-16 10:06 - 2012-07-16 10:07 - 00000000 ____D C:\Program Files\iTunes
    2012-07-16 10:06 - 2012-07-16 10:07 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-07-16 10:06 - 2012-07-16 10:06 - 00000000 ____D C:\Program Files\iPod
    2012-07-11 12:22 - 2012-07-23 19:40 - 00000115 ____A C:\Users\AliciaSueYee\webct_upload_applet.properties
    2012-07-10 16:46 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 16:42 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-10 16:42 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-10 16:42 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-10 16:42 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-10 16:42 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-10 16:42 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-10 16:42 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-10 16:42 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-10 16:42 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-10 16:42 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-10 16:42 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-10 16:42 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-10 16:42 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-10 16:42 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-10 16:42 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-10 16:42 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-10 16:42 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-10 16:42 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-10 16:42 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-10 16:42 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-10 16:42 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-10 16:42 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-10 16:42 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-10 16:42 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-10 16:42 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-10 16:42 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-10 16:42 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-10 16:42 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-10 16:35 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 16:35 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 16:35 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 16:35 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 16:35 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 16:35 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 16:35 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 16:35 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 16:35 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 16:35 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 16:35 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 16:35 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 16:35 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 16:35 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 16:35 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 16:35 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 16:35 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 16:35 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 16:35 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll


    ============ 3 Months Modified Files ========================

    2012-07-30 14:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-30 14:00 - 2009-07-13 20:51 - 00062364 ____A C:\Windows\setupact.log
    2012-07-30 13:47 - 2009-07-13 21:13 - 00779526 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-30 13:28 - 2012-07-30 13:28 - 02322184 ____A (ESET) C:\Users\AliciaSueYee\Downloads\esetsmartinstaller_enu.exe
    2012-07-30 13:28 - 2012-06-19 23:13 - 00002052 ____A C:\Windows\epplauncher.mif
    2012-07-30 13:27 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-30 13:27 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-30 13:25 - 2012-07-30 13:24 - 12621696 ____A (Microsoft Corporation) C:\Users\AliciaSueYee\Downloads\mseinstall(1).exe
    2012-07-30 13:20 - 2012-05-17 17:43 - 00264544 ____A C:\Windows\SysWOW64\debug.log
    2012-07-30 13:19 - 2012-04-11 07:31 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-30 13:18 - 2012-07-30 13:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9FE2FAF2B94D1F6
    2012-07-30 13:13 - 2012-07-30 13:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24A4F1AA4A338769
    2012-07-30 13:12 - 2012-04-01 19:00 - 01526527 ____A C:\Windows\WindowsUpdate.log
    2012-07-30 13:09 - 2012-07-30 13:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.646E8EFA69971057
    2012-07-30 13:04 - 2012-07-30 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.257A8B78D33AFE34
    2012-07-30 13:01 - 2012-07-30 13:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65E703590D180112
    2012-07-30 12:58 - 2012-07-30 12:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E96F3C519A57F521
    2012-07-30 12:57 - 2009-07-13 21:08 - 00032638 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-30 12:55 - 2012-07-30 12:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD88C9432A0901BE
    2012-07-30 12:52 - 2012-07-30 12:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19FA7CD7D4577A2D
    2012-07-30 12:49 - 2012-07-30 12:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.954A9076AC008D1F
    2012-07-30 12:46 - 2012-07-30 12:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3180FB7F7C42E7D7
    2012-07-30 12:46 - 2012-04-11 07:31 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-30 12:43 - 2012-06-05 18:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-30 12:33 - 2012-04-11 07:23 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001UA.job
    2012-07-30 12:24 - 2012-07-30 12:24 - 00347424 ____A (Microsoft Corporation) C:\Users\AliciaSueYee\Downloads\MicrosoftFixit.WindowsFirewall.RNP.133267110647199226.1.1.Run.exe
    2012-07-30 12:21 - 2012-04-11 07:38 - 00797112 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-30 11:21 - 2012-04-13 02:34 - 00000956 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001UA.job
    2012-07-29 19:46 - 2012-04-11 07:23 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001Core.job
    2012-07-29 14:21 - 2012-04-13 02:34 - 00000934 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001Core.job
    2012-07-29 12:08 - 2012-07-29 12:08 - 00000012 ____A C:\Windows\srun.log
    2012-07-27 22:28 - 2012-04-18 09:37 - 00000356 ____A C:\Windows\Tasks\HPCeeScheduleForALICIASUEYEE-HP$.job
    2012-07-27 08:44 - 2012-05-23 08:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-27 08:44 - 2011-11-09 09:33 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-26 14:55 - 2012-07-26 14:55 - 00000425 ____A C:\Users\AliciaSueYee\Desktop\gaiman sandman.txt
    2012-07-26 13:59 - 2009-07-13 20:45 - 05037360 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-26 13:58 - 2012-04-11 07:16 - 00000360 ____A C:\Windows\Tasks\HPCeeScheduleForAliciaSueYee.job
    2012-07-26 10:23 - 2012-05-03 15:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-07-26 10:23 - 2012-04-12 11:00 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-07-26 07:22 - 2012-04-11 07:16 - 00111880 ____A C:\Users\AliciaSueYee\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-26 06:32 - 2012-07-26 06:32 - 00054544 ____A C:\Users\AliciaSueYee\Downloads\16256_GALIRDN.ttf
    2012-07-26 06:31 - 2012-07-26 06:31 - 00041844 ____A C:\Users\AliciaSueYee\Downloads\square-slabserif-711-bold-bt.ttf
    2012-07-23 21:42 - 2012-07-23 21:42 - 00001994 ____A C:\Users\AliciaSueYee\Desktop\Kindle.lnk
    2012-07-23 21:41 - 2012-06-02 22:31 - 00000242 ____A C:\Windows\wininit.ini
    2012-07-23 20:45 - 2012-07-23 20:44 - 09469165 ____A C:\Users\AliciaSueYee\Downloads\Neil Gaiman.rar
    2012-07-23 19:40 - 2012-07-11 12:22 - 00000115 ____A C:\Users\AliciaSueYee\webct_upload_applet.properties
    2012-07-18 15:37 - 2012-07-18 15:37 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-07-18 15:37 - 2012-07-18 15:37 - 00001130 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
    2012-07-16 10:07 - 2012-07-16 10:07 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-16 10:07 - 2012-07-16 10:07 - 00001783 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-07-11 12:29 - 2012-04-11 07:30 - 00002439 ____A C:\Users\AliciaSueYee\Desktop\Google Chrome.lnk
    2012-07-10 16:43 - 2012-04-12 16:45 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-26 22:04 - 2012-06-26 22:04 - 00188768 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-06-20 05:58 - 2012-06-04 19:34 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-06-20 05:58 - 2012-06-04 19:34 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-06-19 23:13 - 2012-06-19 23:11 - 12621696 ____A (Microsoft Corporation) C:\Users\AliciaSueYee\Downloads\mseinstall.exe
    2012-06-19 23:09 - 2012-06-19 23:09 - 00001762 ____A C:\Users\AliciaSueYee\Desktop\Skype.lnk
    2012-06-19 22:52 - 2010-11-20 19:47 - 00669624 ____A C:\Windows\PFRO.log
    2012-06-11 19:08 - 2012-07-10 16:46 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-10 16:35 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 16:35 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-10 16:35 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 16:35 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 16:35 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 16:35 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 16:35 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 16:35 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-05 18:14 - 2012-06-05 18:14 - 00001829 ____A C:\Users\Public\Desktop\Opera.lnk
    2012-06-05 18:14 - 2012-06-05 18:14 - 00001829 ____A C:\Users\All Users\Desktop\Opera.lnk
    2012-06-02 22:31 - 2012-04-11 07:52 - 00001045 ____A C:\Users\AliciaSueYee\Desktop\Dropbox.lnk
    2012-06-02 14:19 - 2012-06-22 08:52 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 08:52 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 08:52 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 08:52 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 08:52 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-22 08:52 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-22 08:52 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-22 08:52 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-22 08:52 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-10 16:42 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-10 16:42 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-10 16:42 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-10 16:42 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-10 16:42 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-10 16:42 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-10 16:42 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-10 16:42 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-10 16:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-10 16:42 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-10 16:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-10 16:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-10 16:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-10 16:42 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-10 16:42 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-10 16:42 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-10 16:42 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-10 16:42 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-10 16:42 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-10 16:42 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-10 16:42 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-10 16:42 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-10 16:42 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-10 16:42 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-10 16:42 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-10 16:42 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-10 16:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-10 16:42 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-10 16:35 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 16:35 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 16:35 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 16:35 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 16:35 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 16:35 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 16:35 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 16:35 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 16:35 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-31 08:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-28 08:33 - 2012-05-23 15:00 - 00006444 ____A C:\Windows\SysWOW64\AppLog.log
    2012-05-25 16:30 - 2012-05-25 16:30 - 00031744 ____A C:\Users\AliciaSueYee\Downloads\Data_Set_4_-_Mothers_and_Daughters.xls
    2012-05-04 03:06 - 2012-06-12 21:40 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 21:40 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 21:40 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 00:46 - 2012-05-04 00:46 - 00002418 ____A C:\Users\AliciaSueYee\Desktop\GA Fall.txt


    ZeroAccess:
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\L
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\n
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\L\00000004.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\L\201d3dde
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\00000004.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\00000008.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\000000cb.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\80000000.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\80000032.@
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\80000064.@

    ZeroAccess:
    C:\Users\AliciaSueYee\AppData\Local\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}
    C:\Users\AliciaSueYee\AppData\Local\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\@
    C:\Users\AliciaSueYee\AppData\Local\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\L
    C:\Users\AliciaSueYee\AppData\Local\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 11%
    Total physical RAM: 8139.6 MB
    Available physical RAM: 7181.14 MB
    Total Pagefile: 8137.75 MB
    Available Pagefile: 7154.25 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:673.14 GB) (Free:552.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (Recovery) (Fixed) (Total:21.33 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
    5 Drive h: (ALICIA) (Removable) (Total:3.72 GB) (Free:2.83 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 0 B
    Disk 1 Online 3822 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 673 GB 200 MB
    Partition 3 Primary 21 GB 673 GB
    Partition 4 Primary 4062 MB 694 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 673 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 21 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 4062 MB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3818 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H ALICIA FAT32 Removable 3818 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-27 23:12

    ======================= End Of Log ==========================
  6. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    No. You posted it already.
    Re-read my previous reply.
  7. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

    This should be it.

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-30 18:52:54
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
  8. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    There you go :)

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    Attached Files:

  9. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

    This is the Fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-30 19:21:02 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    HKEY_USERS\AliciaSueYee\Software\Microsoft\Windows\CurrentVersion\Run\\IBM Value deleted successfully.
    bzauzhtw service deleted successfully.
    ybtsrbid service deleted successfully.
    C:\Users\AliciaSueYee\AppData\Local\Mozilla\IBM\uctnh.dll moved successfully.
    C:\Windows\system32\drivers\bzauzhtw.sys not found.
    C:\Windows\system32\drivers\ybtsrbid.sys not found.
    C:\Windows\System32\services.exe.B9FE2FAF2B94D1F6 moved successfully.
    C:\Windows\System32\services.exe.24A4F1AA4A338769 moved successfully.
    C:\Windows\System32\services.exe.646E8EFA69971057 moved successfully.
    C:\Windows\System32\services.exe.257A8B78D33AFE34 moved successfully.
    C:\Windows\System32\services.exe.65E703590D180112 moved successfully.
    C:\Windows\System32\services.exe.E96F3C519A57F521 moved successfully.
    C:\Windows\System32\services.exe.CD88C9432A0901BE moved successfully.
    C:\Windows\System32\services.exe.19FA7CD7D4577A2D moved successfully.
    C:\Windows\System32\services.exe.954A9076AC008D1F moved successfully.
    C:\Windows\System32\services.exe.3180FB7F7C42E7D7 moved successfully.
    C:\Windows\Installer\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996} moved successfully.
    C:\Users\AliciaSueYee\AppData\Local\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====


    ~~~~~~~~~~


    And this is the combofix log:

    ComboFix 12-07-30.01 - AliciaSueYee 07/30/2012 19:30:42.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.6432 [GMT -4:00]
    Running from: c:\users\AliciaSueYee\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-31 01:52 . 2012-07-31 01:52 -------- d-----w- C:\FRST
    2012-07-30 20:17 . 2012-07-30 20:26 -------- d-----w- c:\users\AliciaSueYee\AppData\Local\ElevatedDiagnostics
    2012-07-29 20:15 . 2012-07-29 20:15 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-26 20:08 . 2012-07-26 20:08 -------- d-----w- c:\users\AliciaSueYee\AppData\Local\HorizonWimba
    2012-07-26 16:43 . 2012-07-26 16:43 -------- d-----w- c:\users\AliciaSueYee\AppData\Local\Macromedia
    2012-07-25 23:35 . 2012-07-25 23:36 -------- d-----w- c:\users\AliciaSueYee\AppData\Roaming\Firestorm
    2012-07-25 23:35 . 2012-07-25 23:37 -------- d-----w- c:\users\AliciaSueYee\AppData\Local\Firestorm
    2012-07-25 13:43 . 2012-07-25 13:46 -------- d-----w- c:\program files (x86)\Firestorm-Release
    2012-07-24 05:33 . 2012-07-24 05:36 -------- d-----w- c:\users\AliciaSueYee\AppData\Roaming\calibre
    2012-07-24 05:33 . 2012-07-24 05:33 -------- d-----w- c:\program files (x86)\Calibre2
    2012-07-18 23:37 . 2012-07-30 17:39 -------- d-----w- c:\users\AliciaSueYee\AppData\Local\Mozilla
    2012-07-18 23:37 . 2012-07-18 23:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-07-16 18:07 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-07-16 18:07 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-07-16 18:07 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-07-16 18:06 . 2012-07-16 18:06 -------- d-----w- c:\program files\iPod
    2012-07-16 18:06 . 2012-07-16 18:07 -------- d-----w- c:\program files\iTunes
    2012-07-16 18:06 . 2012-07-16 18:07 -------- d-----w- c:\program files (x86)\iTunes
    2012-07-11 00:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 00:35 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 16:44 . 2012-05-23 16:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 16:44 . 2011-11-09 17:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 00:43 . 2012-04-13 00:45 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-22 16:52 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 16:52 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 16:52 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 16:52 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 16:52 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 16:52 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 16:52 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-22 16:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-22 16:52 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-31 04:04 . 2012-06-19 06:16 9013136 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4012FD8-F968-4A0F-AD46-AE6130CFAA68}\mpengine.dll
    2012-05-28 17:16 . 2012-05-28 17:16 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
    2012-05-04 11:06 . 2012-06-13 05:40 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 05:40 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 05:40 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
    "Facebook Update"="c:\users\AliciaSueYee\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-16 138096]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-11 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
    "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-08-11 47616]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-05-07 1073312]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    c:\users\AliciaSueYee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Facebook Messenger.lnk - c:\users\AliciaSueYee\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-4-8 30920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/04/01 20:18;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-13 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-12 283200]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-01 204288]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-09-28 212944]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-01 9981952]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-01 310272]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2012-03-02 221184]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2012-03-02 65536]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-19 1145448]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - CLKMDRV10_38F51D56
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 16:44]
    .
    2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001Core.job
    - c:\users\AliciaSueYee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 22:16]
    .
    2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001UA.job
    - c:\users\AliciaSueYee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 22:16]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 15:31]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 15:31]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001Core.job
    - c:\users\AliciaSueYee\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 15:23]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001UA.job
    - c:\users\AliciaSueYee\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 15:23]
    .
    2012-07-28 c:\windows\Tasks\HPCeeScheduleForALICIASUEYEE-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
    .
    2012-07-26 c:\windows\Tasks\HPCeeScheduleForAliciaSueYee.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-02 1128448]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: valdosta.edu\blazeview
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\AliciaSueYee\AppData\Roaming\Mozilla\Firefox\Profiles\m0me437i.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-946850208-3789892574-1044012170-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{22CCAF02-BE7C-F83C-438D-5BCE36E68FE9}*]
    @Allowed: (Read) (RestrictedCode)
    "palglicmgojpkpjifjmnncnlmmpjohho"=hex:69,61,67,6f,6a,64,63,68,6f,66,6e,69,6c,
    66,6d,69,64,6a,00,00
    "oabhfgcncehdbphbohhdaoadchjnoe"=hex:69,61,67,6f,6a,64,63,68,6f,66,6e,69,6c,66,
    6d,69,64,6a,00,00
    .
    [HKEY_USERS\S-1-5-21-946850208-3789892574-1044012170-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):a7,c1,04,e6,31,e6,6e,d2,4f,63,5a,02,67,69,4c,21,cd,9d,5f,16,c7,
    93,7a,9d,20,e1,b6,9a,56,9b,73,9c,f7,d7,c5,7b,b2,db,14,3f,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-946850208-3789892574-1044012170-1001_Classes\Wow6432Node\CLSID\{68cc378c-ad7c-4a8f-878d-95eef510ecb9}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:000000a1
    "Therad"=dword:00000020
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-30 19:45:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-30 23:45
    .
    Pre-Run: 596,222,480,384 bytes free
    Post-Run: 596,471,951,360 bytes free
    .
    - - End Of File - - 315513D1C70B0FEDF09DB6A2AE4B2708
  10. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RegNull::
    [HKEY_USERS\S-1-5-21-946850208-3789892574-1044012170-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{22CCAF02-BE7C-F83C-438D-5BCE36E68FE9}*]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  11. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

    I think this should be it:

    ComboFix 12-07-30.01 - AliciaSueYee 07/30/2012 19:58:56.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.6392 [GMT -4:00]
    Running from: c:\users\AliciaSueYee\Desktop\ComboFix.exe
    Command switches used :: c:\users\AliciaSueYee\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\DEBUG.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-31 01:52 . 2012-07-31 01:52 -------- d-----w- C:\FRST
    2012-07-31 00:06 . 2012-07-31 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-30 20:17 . 2012-07-30 20:26 -------- d-----w- c:\users\AliciaSueYee\AppData\Local\ElevatedDiagnostics
    2012-07-29 20:15 . 2012-07-29 20:15 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-26 20:08 . 2012-07-26 20:08 -------- d-----w- c:\users\AliciaSueYee\AppData\Local\HorizonWimba
    2012-07-26 16:43 . 2012-07-26 16:43 -------- d-----w- c:\users\AliciaSueYee\AppData\Local\Macromedia
    2012-07-25 23:35 . 2012-07-25 23:36 -------- d-----w- c:\users\AliciaSueYee\AppData\Roaming\Firestorm
    2012-07-25 23:35 . 2012-07-25 23:37 -------- d-----w- c:\users\AliciaSueYee\AppData\Local\Firestorm
    2012-07-25 13:43 . 2012-07-25 13:46 -------- d-----w- c:\program files (x86)\Firestorm-Release
    2012-07-24 05:33 . 2012-07-24 05:36 -------- d-----w- c:\users\AliciaSueYee\AppData\Roaming\calibre
    2012-07-24 05:33 . 2012-07-24 05:33 -------- d-----w- c:\program files (x86)\Calibre2
    2012-07-18 23:37 . 2012-07-30 17:39 -------- d-----w- c:\users\AliciaSueYee\AppData\Local\Mozilla
    2012-07-18 23:37 . 2012-07-18 23:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-07-16 18:07 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-07-16 18:07 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-07-16 18:07 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-07-16 18:06 . 2012-07-16 18:06 -------- d-----w- c:\program files\iPod
    2012-07-16 18:06 . 2012-07-16 18:07 -------- d-----w- c:\program files\iTunes
    2012-07-16 18:06 . 2012-07-16 18:07 -------- d-----w- c:\program files (x86)\iTunes
    2012-07-11 00:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 00:35 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 16:44 . 2012-05-23 16:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 16:44 . 2011-11-09 17:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 00:43 . 2012-04-13 00:45 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-22 16:52 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 16:52 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 16:52 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 16:52 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 16:52 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 16:52 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 16:52 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-22 16:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-22 16:52 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-31 04:04 . 2012-06-19 06:16 9013136 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4012FD8-F968-4A0F-AD46-AE6130CFAA68}\mpengine.dll
    2012-05-28 17:16 . 2012-05-28 17:16 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
    2012-05-04 11:06 . 2012-06-13 05:40 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 05:40 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 05:40 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-30_23.40.52 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-07-30 23:40 . 2012-07-30 23:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-31 00:07 . 2012-07-31 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-31 00:07 . 2012-07-31 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-30 23:40 . 2012-07-30 23:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2012-07-30 23:54 660762 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-30 23:27 660762 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-30 23:54 121400 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-07-30 23:27 121400 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-07-31 00:06 487052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-07-30 23:39 487052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-04-02 03:26 . 2012-07-31 00:06 2437008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2012-04-02 03:26 . 2012-07-30 23:39 2437008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2012-04-11 22:56 . 2012-07-31 00:06 28035874 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-946850208-3789892574-1044012170-1001-8192.dat
    - 2012-04-11 22:56 . 2012-07-30 23:39 28035874 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-946850208-3789892574-1044012170-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
    "Facebook Update"="c:\users\AliciaSueYee\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-16 138096]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-11 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
    "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-08-11 47616]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-05-07 1073312]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    c:\users\AliciaSueYee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Facebook Messenger.lnk - c:\users\AliciaSueYee\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-4-8 30920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/04/01 20:18;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-13 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-12 283200]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-01 204288]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-09-28 212944]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-01 9981952]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-01 310272]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2012-03-02 221184]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2012-03-02 65536]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-19 1145448]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_38F51D56
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 16:44]
    .
    2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001Core.job
    - c:\users\AliciaSueYee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 22:16]
    .
    2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001UA.job
    - c:\users\AliciaSueYee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 22:16]
    .
    2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 15:31]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 15:31]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001Core.job
    - c:\users\AliciaSueYee\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 15:23]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001UA.job
    - c:\users\AliciaSueYee\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 15:23]
    .
    2012-07-28 c:\windows\Tasks\HPCeeScheduleForALICIASUEYEE-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
    .
    2012-07-26 c:\windows\Tasks\HPCeeScheduleForAliciaSueYee.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\AliciaSueYee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-02 1128448]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: valdosta.edu\blazeview
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\AliciaSueYee\AppData\Roaming\Mozilla\Firefox\Profiles\m0me437i.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-946850208-3789892574-1044012170-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):a7,c1,04,e6,31,e6,6e,d2,4f,63,5a,02,67,69,4c,21,cd,9d,5f,16,c7,
    93,7a,9d,20,e1,b6,9a,56,9b,73,9c,f7,d7,c5,7b,b2,db,14,3f,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-946850208-3789892574-1044012170-1001_Classes\Wow6432Node\CLSID\{68cc378c-ad7c-4a8f-878d-95eef510ecb9}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:000000a1
    "Therad"=dword:00000020
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-30 20:12:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-31 00:12
    ComboFix2.txt 2012-07-30 23:45
    .
    Pre-Run: 596,608,798,720 bytes free
    Post-Run: 596,296,601,600 bytes free
    .
    - - End Of File - - 4DE78A3F9401DFA5414186879BEF6D45
     
  12. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Good :)

    Any current issues?

    ====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

    No problems so far :)

    The MBAM log:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.31.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    AliciaSueYee :: ALICIASUEYEE-HP [administrator]

    Protection: Enabled

    7/30/2012 8:40:39 PM
    mbam-log-2012-07-30 (20-40-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195678
    Time elapsed: 2 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  14. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

    And the OTL log:

    OTL Extras logfile created on: 7/30/2012 8:44:43 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\AliciaSueYee\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.95 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.81% Memory free
    15.90 Gb Paging File | 13.61 Gb Available in Paging File | 85.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 673.14 Gb Total Space | 555.40 Gb Free Space | 82.51% Space Free | Partition Type: NTFS
    Drive D: | 21.33 Gb Total Space | 2.30 Gb Free Space | 10.78% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.10% Space Free | Partition Type: FAT32
    Drive G: | 3.72 Gb Total Space | 2.83 Gb Free Space | 76.07% Space Free | Partition Type: FAT32

    Computer Name: ALICIASUEYEE-HP | User Name: AliciaSueYee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
    "{0576788F-2993-455F-80CD-980114095103}" = HP Security Assistant
    "{104898A0-CA37-4BB4-AC27-46B6FE3280DD}" = Fresco Logic USB3.0 Host Controller
    "{1876545F-47B1-80A7-2F98-D175DA98A392}" = ccc-utility64
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
    "{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}" = AMD Catalyst Install Manager
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6032497A-4479-462B-ADB8-A0A372BB9A23}" = HP Application Assistant
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}" = HP 3D DriveGuard
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "SynTPDeinstKey" = Synaptics TouchPad Driver
    "WinRAR archiver" = WinRAR 4.11 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{07AF6797-0CF6-FFBB-FDE3-CC51D3B5F342}" = Catalyst Control Center Graphics Previews Common
    "{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08523528-BA2F-43BB-87E3-252C081872B9}" = Catalyst Control Center - Branding
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{120F4744-38ED-FB1E-F313-A7A7E419A71E}" = CCC Help Chinese Traditional
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{135AAD7D-FB4A-800C-E7F2-58D02B936C38}" = Catalyst Control Center Localization All
    "{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense
    "{178EA4CE-9622-76B4-308F-73FEC150DBB4}" = CCC Help Norwegian
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AE85A98-397D-B62B-0D21-3F7DC93F4F3A}" = CCC Help Swedish
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{339F5A1B-8DB7-E4F8-0A07-EF35B60EBE53}" = CCC Help Portuguese
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
    "{387B63A5-5016-1015-B06B-A9A1030E3125}" = Intel(R) Identity Protection Technology 1.2.22.0
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{412308A1-73B4-A26B-57A8-BE827ADA9BF9}" = Catalyst Control Center Profiles Mobile
    "{423FBEB8-21C6-4720-A8DA-B19B06FDB607}" = HP SimplePass 2012
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6937DA-DABE-31C9-C433-D67C640B7BED}" = CCC Help Italian
    "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{52594AFD-2797-356A-CC6F-57047524F1E1}" = CCC Help Japanese
    "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5C7F3D35-9018-A839-3B9C-E50B517B9458}" = CCC Help Hungarian
    "{5CA75999-3DDE-7B58-3394-38A4E82D8466}" = Catalyst Control Center InstallProxy
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{60CD8628-DDD9-B498-A368-D01A4793CCFA}" = CCC Help Dutch
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6866ADAD-71F1-D306-B979-6371D8C4411A}" = CCC Help German
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
    "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
    "{76D0E682-0183-E295-FA4C-DA6763669CCA}" = CCC Help English
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}" = Facebook Messenger 2.1.4590.0
    "{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83A5D4E9-7FE6-336D-9525-F1C879496014}" = Google Talk Plugin
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DB85CDE-EC37-A333-05B1-23846D03F08D}" = CCC Help Russian
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F6285DB-2536-7EDE-23D2-CA10E2D6399C}" = CCC Help French
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9BCA64E3-D180-4F13-8014-5E62947150C1}" = HP Documentation
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA16FAFC-CCD3-899B-2860-A709BDE31CDC}" = CCC Help Korean
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{B357B619-36C5-7C1E-063B-92677609CB14}" = CCC Help Danish
    "{B364DC2A-9783-4737-B795-D6F0562A41C5}" = calibre
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
    "{BDEB2CF5-C1C5-BCC8-DF29-1EE4CF389F9D}" = CCC Help Turkish
    "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C5D8263A-4D81-8979-91DE-B10120642FC5}" = Catalyst Control Center
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEEE5B98-96F1-2F1E-0627-853C5F98DE41}" = CCC Help Finnish
    "{CF48FF43-B417-637C-C804-0F285FD7ED05}" = CCC Help Spanish
    "{CF6A05D4-E715-BCF4-9ED2-A3307E386D28}" = CCC Help Czech
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB2C5E6A-CFDD-D6FD-480E-692EBEC17BFC}" = CCC Help Greek
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E59E0B3D-F840-5910-DF8C-73CFA82613C2}" = CCC Help Polish
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E635F3DC-E92B-6E68-A2E7-BF77298E8584}" = PX Profile Update
    "{E77268D6-5E7F-6DE1-34AC-A1A276710C21}" = CCC Help Chinese Standard
    "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
    "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
    "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
    "{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
    "{F5C7356C-463C-75BC-E4E0-324E4516EB73}" = CCC Help Thai
    "{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "5513-1208-7298-9440" = JDownloader 0.9
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Audacity_is1" = Audacity 2.0
    "Blend_4.0.20525.0" = Microsoft Expression Blend 4
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.WidgetBrowser" = Adobe Widget Browser
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Design_7.0.20516.0" = Microsoft Expression Design 4
    "DivX Setup" = DivX Setup
    "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
    "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
    "Firestorm-Release" = Firestorm-Release (remove only)
    "foobar2000" = foobar2000 v1.1.11
    "Free Download Manager_is1" = Free Download Manager 3.8
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
    "Internet Download Manager" = Internet Download Manager
    "LAME_is1" = LAME v3.99.3 (for Windows)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Opera 12.00.1467" = Opera 12.00
    "Rainmeter" = Rainmeter
    "uTorrent" = µTorrent
    "VIP Access SDK" = VIP Access SDK (1.1.0.4)
    "VLC media player" = VLC media player 2.0.1
    "Web_4.0.1303.0" = Microsoft Expression Web 4
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-1264d617-1352-47cb-81ab-79adb878b3b6" = RollerCoaster Tycoon 3: Platinum
    "WTA-12a142f3-b316-41d7-b34f-9ec4ce72bf4c" = Plants vs. Zombies - Game of the Year
    "WTA-2d316535-4a51-463a-b5cd-db37b4b3ac7d" = Jewel Match 3
    "WTA-400eb1ac-a884-4f8b-a54e-458c131de0fb" = Blackhawk Striker 2
    "WTA-5efc9b37-664c-4108-812a-dd2ded3d9a98" = FATE
    "WTA-605d3c8f-4e74-48fb-a7fb-67642e0c6353" = Farmscapes
    "WTA-6164c530-93ee-4c99-adc6-836dada4e7de" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
    "WTA-61dbb20b-8864-4151-a181-26960025718c" = Bejeweled 3
    "WTA-65238e55-f612-401c-9c28-4cdfef664138" = Luxor HD
    "WTA-9d5869d9-db4e-40ab-ba12-ad2ee7b549ef" = Letters from Nowhere 2
    "WTA-9fb14817-09b8-45c0-b08e-29ee1fdd8e8e" = Final Drive Fury
    "WTA-a0d9ab7f-de6f-4bfc-a022-81bed9254435" = Chuzzle Deluxe
    "WTA-a53b75c1-ed95-486e-a679-cd3562fd640a" = Torchlight
    "WTA-b7b17d52-3023-4cf8-9168-a452ed75403b" = Farm Frenzy
    "WTA-bdd37a7c-a404-4af8-abf3-d5d4a9b854f9" = Penguins!
    "WTA-c42a7736-a9e3-4569-a67b-caa29d6e5106" = John Deere Drive Green
    "WTA-dea78cf6-b302-434d-ab88-f65c65c1f6bc" = The Treasures of Mystery Island: The Ghost Ship
    "WTA-e0a3b505-d19b-47c5-a192-4869bf1efa19" = Cradle of Rome 2
    "WTA-f6780050-e8c7-470d-8911-9df828cf28c4" = Virtual Villagers 4 - The Tree of Life

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-946850208-3789892574-1044012170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MusicManager" = Music Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/23/2012 2:22:53 PM | Computer Name = AliciaSueYee-HP | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(00:c6:10:30:82:aa@fe80::2c6:10ff:fe30:82aa._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 7/23/2012 3:25:55 PM | Computer Name = AliciaSueYee-HP | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(34:51:c9:70:53:c3@fe80::3651:c9ff:fe70:53c3._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 7/23/2012 3:25:57 PM | Computer Name = AliciaSueYee-HP | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(cc:08:e0:4b:27:81@fe80::ce08:e0ff:fe4b:2781._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 7/23/2012 3:25:57 PM | Computer Name = AliciaSueYee-HP | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(7c:11:be:dd:9b:eb@fe80::7e11:beff:fedd:9beb._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 7/23/2012 3:25:57 PM | Computer Name = AliciaSueYee-HP | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(1c:ab:a7:b8:30:2a@fe80::1eab:a7ff:feb8:302a._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 7/23/2012 3:25:57 PM | Computer Name = AliciaSueYee-HP | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(e0:b9:ba:87:39:a6@fe80::e2b9:baff:fe87:39a6._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 7/23/2012 6:21:05 PM | Computer Name = AliciaSueYee-HP | Source = Google Update | ID = 20
    Description =

    Error - 7/23/2012 9:36:16 PM | Computer Name = AliciaSueYee-HP | Source = Google Update | ID = 20
    Description =

    Error - 7/24/2012 12:29:11 AM | Computer Name = AliciaSueYee-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 7/24/2012 1:31:50 AM | Computer Name = AliciaSueYee-HP | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Users\AliciaSueYee\Desktop\Windows
    Live Messenger.exe". Dependent Assembly UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Hewlett-Packard Events ]
    Error - 4/19/2012 3:36:39 PM | Computer Name = AliciaSueYee-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 4/19/2012 3:39:19 PM | Computer Name = AliciaSueYee-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/3/2012 7:18:31 PM | Computer Name = AliciaSueYee-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/11/2012 3:54:29 PM | Computer Name = AliciaSueYee-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/11/2012 4:05:07 PM | Computer Name = AliciaSueYee-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/17/2012 9:24:13 PM | Computer Name = AliciaSueYee-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/25/2012 8:30:43 PM | Computer Name = AliciaSueYee-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/31/2012 7:05:34 PM | Computer Name = AliciaSueYee-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 6/21/2012 5:51:39 PM | Computer Name = AliciaSueYee-HP | Source = HPSF.exe | ID = 4000
    Description =

    [ HP Software Framework Events ]
    Error - 4/12/2012 3:01:02 PM | Computer Name = AliciaSueYee-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/12 15:01:02.362|00001378|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 4/19/2012 3:36:10 PM | Computer Name = AliciaSueYee-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/19 15:36:10.645|0000089C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 4/19/2012 3:36:13 PM | Computer Name = AliciaSueYee-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/19 15:36:13.256|00001158|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 4/22/2012 7:17:09 PM | Computer Name = AliciaSueYee-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/22 19:17:09.960|000008DC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 4/22/2012 7:17:14 PM | Computer Name = AliciaSueYee-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/22 19:17:14.087|0000048C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/3/2012 7:17:52 PM | Computer Name = AliciaSueYee-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/03 19:17:52.557|00001A28|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/3/2012 7:17:53 PM | Computer Name = AliciaSueYee-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/03 19:17:53.840|000018D0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/3/2012 7:17:57 PM | Computer Name = AliciaSueYee-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/03 19:17:57.056|00001164|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/11/2012 3:53:08 PM | Computer Name = AliciaSueYee-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/11 15:53:08.259|00001508|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/11/2012 3:53:10 PM | Computer Name = AliciaSueYee-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/11 15:53:10.867|00001014|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    [ System Events ]
    Error - 7/30/2012 5:14:54 PM | Computer Name = AliciaSueYee-HP | Source = Service Control Manager | ID = 7024
    Description = The Windows Firewall service terminated with service-specific error
    %%5.

    Error - 7/30/2012 5:14:55 PM | Computer Name = AliciaSueYee-HP | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/30/2012 5:16:02 PM | Computer Name = AliciaSueYee-HP | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/30/2012 5:16:02 PM | Computer Name = AliciaSueYee-HP | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/30/2012 5:16:39 PM | Computer Name = AliciaSueYee-HP | Source = Service Control Manager | ID = 7024
    Description = The Windows Firewall service terminated with service-specific error
    %%5.

    Error - 7/30/2012 5:19:40 PM | Computer Name = AliciaSueYee-HP | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:17:41 PM on ?7/?30/?2012 was unexpected.

    Error - 7/30/2012 5:19:46 PM | Computer Name = AliciaSueYee-HP | Source = Service Control Manager | ID = 7024
    Description = The Windows Firewall service terminated with service-specific error
    %%5.

    Error - 7/30/2012 5:19:48 PM | Computer Name = AliciaSueYee-HP | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/30/2012 5:21:10 PM | Computer Name = AliciaSueYee-HP | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/30/2012 5:21:10 PM | Computer Name = AliciaSueYee-HP | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891
  15. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

  16. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    You posted Extras.txt twice.
    I still need OTL.txt log.
  17. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

    Ahh! I'm sorry! I thought it was the right one... Sorry!

    Out of curiosity though... What's with the errors in the extras.txt file? I mean, what do they mean?

    OTL logfile created on: 7/30/2012 8:44:43 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\AliciaSueYee\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.95 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.81% Memory free
    15.90 Gb Paging File | 13.61 Gb Available in Paging File | 85.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 673.14 Gb Total Space | 555.40 Gb Free Space | 82.51% Space Free | Partition Type: NTFS
    Drive D: | 21.33 Gb Total Space | 2.30 Gb Free Space | 10.78% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.10% Space Free | Partition Type: FAT32
    Drive G: | 3.72 Gb Total Space | 2.83 Gb Free Space | 76.07% Space Free | Partition Type: FAT32

    Computer Name: ALICIASUEYEE-HP | User Name: AliciaSueYee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/30 20:43:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\AliciaSueYee\Downloads\OTL.exe
    PRC - [2012/07/26 10:29:46 | 000,244,656 | ---- | M] (Facebook) -- C:\Users\AliciaSueYee\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\AliciaSueYee\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/28 18:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/09/28 16:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2011/08/26 18:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    PRC - [2011/08/26 06:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
    PRC - [2011/08/26 06:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
    PRC - [2011/08/26 06:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
    PRC - [2011/08/19 18:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2011/08/09 12:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/08/09 12:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011/05/20 13:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/05/20 13:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/26 10:30:04 | 021,014,960 | ---- | M] () -- C:\Users\AliciaSueYee\AppData\Local\Facebook\Messenger\2.1.4590.0\libcef.dll
    MOD - [2012/07/26 10:29:40 | 000,283,568 | ---- | M] () -- C:\Users\AliciaSueYee\AppData\Local\Facebook\Messenger\2.1.4590.0\CefSharp.WinForms.dll
    MOD - [2012/07/26 10:29:36 | 000,455,600 | ---- | M] () -- C:\Users\AliciaSueYee\AppData\Local\Facebook\Messenger\2.1.4590.0\CefSharp.dll
    MOD - [2012/06/13 03:25:27 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
    MOD - [2012/06/13 03:21:23 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/06/13 03:21:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 03:20:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/29 03:59:12 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012/05/29 03:59:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/29 03:59:02 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
    MOD - [2012/05/29 03:59:01 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/29 03:58:41 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/29 03:58:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/29 03:58:37 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/29 03:58:33 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/10/01 02:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/06/02 09:11:26 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/05/27 14:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2011/02/17 02:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
    SRV:64bit: - [2010/10/11 06:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/07/27 12:44:01 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/14 18:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/09/28 16:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2011/09/09 21:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/08/26 06:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
    SRV - [2011/08/09 12:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/08/09 12:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2011/06/28 21:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2011/05/20 13:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/02/25 00:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/04/12 05:57:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/03/02 09:37:58 | 000,221,184 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV:64bit: - [2012/03/02 09:37:58 | 000,065,536 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/07 21:13:32 | 000,149,640 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
    DRV:64bit: - [2011/11/09 13:16:56 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/11/09 13:16:56 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/10/01 04:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/10/01 01:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/08/09 12:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2011/07/18 20:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2011/06/02 09:11:26 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/05/30 20:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2011/05/27 14:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/05/27 14:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/20 12:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/02/16 22:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/20 11:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{5E7CB252-84B5-4F1A-8AEE-2D5C5CFD0DCA}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{5E7CB252-84B5-4F1A-8AEE-2D5C5CFD0DCA}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..\SearchScopes\{5E7CB252-84B5-4F1A-8AEE-2D5C5CFD0DCA}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7PRFB_enUS482
    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...a7de73dc3&lang=en&ds=st011&pr=sa&d=2012-06-03 12:23:58&v=11.1.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}
    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\AliciaSueYee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\AliciaSueYee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\AliciaSueYee\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\AliciaSueYee\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\AliciaSueYee\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/22 23:33:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/13 02:02:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 04:00:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 04:00:18 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\AliciaSueYee\AppData\Roaming\IDM\idmmzcc5 [2012/04/11 12:00:54 | 000,000,000 | ---D | M]

    [2012/07/18 19:37:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AliciaSueYee\AppData\Roaming\Mozilla\Extensions
    [2012/04/11 19:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AliciaSueYee\AppData\Roaming\Mozilla\Firefox\extensions
    [2012/04/11 19:19:43 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\AliciaSueYee\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/07/30 13:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AliciaSueYee\AppData\Roaming\Mozilla\Firefox\Profiles\m0me437i.default\extensions
    [2012/07/19 21:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/19 21:27:22 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
    [2012/07/30 04:00:18 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: about:blank
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: about:blank
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Simple Pass 2012 (Enabled) = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\npwebsitelogon.dll
    CHR - plugin: Norton Confidential (Enabled) = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Desktop (Enabled) = C:\Users\AliciaSueYee\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Music Notation Training = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\baflflhaeoafhbeiioodmdmjohkoalio\1_0\
    CHR - Extension: Learn Photoshop = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgbjagopmcakkgjbgbifndmgghhelkkc\1.0_0\
    CHR - Extension: YouTube = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Flashcard Stash = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgopclnilgekngdlkfkegddejocmmmim\3_0\
    CHR - Extension: Google Search = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: iVocab: GRE, TOEFL and SAT = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddbfkngjokojcmmadaaipmjiacnnmgbl\1.4_0\
    CHR - Extension: Website Logon = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\
    CHR - Extension: Read Later Fast = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.0_0\
    CHR - Extension: TyrannosaurusPrep GRE & SAT Vocabulary = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbpblkfnckpmjefkciildnehjfpmkbe\1_0\
    CHR - Extension: Wiki Search = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkpndjkfbnfjochpfomhdiddefaidnfn\0.0.0.1_0\
    CHR - Extension: My Research Helper = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gocajgdblflbkajkbhindcnnlfpikmif\1.1_0\
    CHR - Extension: Classic = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
    CHR - Extension: Dictionary Instant = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngaklbjlbjhmoilkegninbmpfigheol\1.0.22_0\
    CHR - Extension: a Google a Day = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfffneapblebcpnkjdocjgopbajigool\1_0\
    CHR - Extension: GRE Touch = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\keaodikggjkgjfeajjpjagpbhkdgjhkj\1.4_0\
    CHR - Extension: GRE TIME = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpcpinhjogbmpkfkabckbmfajmimlmp\3_0\
    CHR - Extension: Google Play Books = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
    CHR - Extension: StudyStack = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboldpjijadohjhnkadkdbonjlgbjadd\1_0\
    CHR - Extension: GRE Lite (Keys) = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmbfkilpjgbghlbmjlkliabpooelcpid\4.8.1.0_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: GRE 1200 Words in 30 Days = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnelmbegaeghmfgcfidjckefcocieih\3.3.5_0\
    CHR - Extension: Thesaurus = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pddaeeclcbikcegjhhgocgkakehngcem\1.4_0\
    CHR - Extension: Gmail = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Academic Earth = C:\Users\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljkhccciiafkhkbkfgifncgbhdabmce\1_0\
  18. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

    And this should be the other half:

    O1 HOSTS File: ([2012/07/30 20:07:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
    O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
    O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-946850208-3789892574-1044012170-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-946850208-3789892574-1044012170-1001..\Run: [Facebook Update] C:\Users\AliciaSueYee\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\AliciaSueYee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\AliciaSueYee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\AliciaSueYee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\AliciaSueYee\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook)
    O4 - Startup: C:\Users\AliciaSueYee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/sto...sPage&SiteID=hpappli&Locale=en_US&keywords=%w
    O7 - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
    O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
    O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
    O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
    O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
    O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
    O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-946850208-3789892574-1044012170-1001\..Trusted Domains: valdosta.edu ([blazeview] http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15A785F0-1675-4DE2-A0EE-41CF58599027}: DhcpNameServer = 172.168.51.52
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ADCC2D2-3692-4C50-ADC3-4046979B085F}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/30 21:52:32 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/30 20:39:25 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\AppData\Roaming\Malwarebytes
    [2012/07/30 20:39:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/30 20:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/30 20:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/30 20:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/30 20:14:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/30 20:12:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/30 19:27:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/30 19:27:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/30 19:27:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/30 19:27:49 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/30 19:27:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/30 19:25:10 | 004,722,436 | R--- | C] (Swearware) -- C:\Users\AliciaSueYee\Desktop\ComboFix.exe
    [2012/07/30 16:17:24 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\AppData\Local\ElevatedDiagnostics
    [2012/07/29 16:15:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/07/28 12:54:57 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\AppData\Local\{1D823631-B05E-41E6-8A14-10CA591DB209}
    [2012/07/26 16:08:20 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\AppData\Local\HorizonWimba
    [2012/07/26 12:43:00 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\AppData\Local\Macromedia
    [2012/07/25 19:35:33 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\AppData\Roaming\Firestorm
    [2012/07/25 19:35:32 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\AppData\Local\Firestorm
    [2012/07/25 14:45:49 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\Desktop\SFP NewsRoom
    [2012/07/25 09:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
    [2012/07/25 09:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firestorm-Release
    [2012/07/24 01:42:20 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
    [2012/07/24 01:33:39 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\Documents\Calibre Library
    [2012/07/24 01:33:37 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\AppData\Roaming\calibre
    [2012/07/24 01:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
    [2012/07/24 01:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
    [2012/07/18 19:37:45 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\AppData\Local\Mozilla
    [2012/07/18 19:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/07/18 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/07/18 19:37:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/07/16 14:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/07/16 14:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/07/16 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/07/16 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/07/10 00:40:50 | 000,000,000 | ---D | C] -- C:\Users\AliciaSueYee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
    [2011/09/28 16:18:32 | 000,020,944 | ---- | C] (Intel Corporation) -- C:\Users\AliciaSueYee\AppData\Roaming\JomCap.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/07/30 20:46:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/30 20:46:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/30 20:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/30 20:33:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001UA.job
    [2012/07/30 20:21:53 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 20:21:53 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 20:19:37 | 000,779,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/30 20:19:37 | 000,660,762 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/30 20:19:37 | 000,121,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/30 20:14:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/30 20:14:10 | 2106,273,791 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/30 20:07:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/30 19:25:40 | 004,722,436 | R--- | M] (Swearware) -- C:\Users\AliciaSueYee\Desktop\ComboFix.exe
    [2012/07/30 17:28:48 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/30 16:21:23 | 000,797,112 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/30 15:21:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001UA.job
    [2012/07/29 23:46:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001Core.job
    [2012/07/29 18:21:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001Core.job
    [2012/07/28 02:28:44 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALICIASUEYEE-HP$.job
    [2012/07/27 00:28:26 | 000,001,346 | ---- | M] () -- C:\Users\AliciaSueYee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
    [2012/07/26 17:59:38 | 005,037,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/26 17:58:35 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAliciaSueYee.job
    [2012/07/24 01:42:21 | 000,001,994 | ---- | M] () -- C:\Users\AliciaSueYee\Desktop\Kindle.lnk
    [2012/07/24 01:41:51 | 000,000,242 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/07/23 23:40:23 | 000,000,115 | ---- | M] () -- C:\Users\AliciaSueYee\webct_upload_applet.properties
    [2012/07/18 19:37:41 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/07/16 14:07:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/07/11 16:29:20 | 000,002,439 | ---- | M] () -- C:\Users\AliciaSueYee\Desktop\Google Chrome.lnk
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/07/30 19:27:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/30 19:27:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/30 19:27:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/30 19:27:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/30 19:27:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/24 01:42:21 | 000,001,994 | ---- | C] () -- C:\Users\AliciaSueYee\Desktop\Kindle.lnk
    [2012/07/18 19:37:41 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/07/18 19:37:41 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/07/16 14:07:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/07/11 16:22:23 | 000,000,115 | ---- | C] () -- C:\Users\AliciaSueYee\webct_upload_applet.properties
    [2012/06/27 02:04:50 | 000,188,768 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/06/03 02:31:40 | 000,000,242 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/04/17 22:02:11 | 000,004,608 | ---- | C] () -- C:\Users\AliciaSueYee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/12 20:41:12 | 000,000,210 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2012/04/11 11:38:10 | 000,797,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/04/01 23:07:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/04/01 23:03:22 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2012/04/01 22:58:21 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2012/04/01 22:57:03 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/04/01 22:57:01 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/04/01 22:57:01 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/04/01 22:57:00 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012/04/01 22:57:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/04/01 22:56:58 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/10/01 01:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/09/06 15:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

    ========== LOP Check ==========

    [2012/06/21 18:19:29 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\Audacity
    [2012/04/13 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\Awem
    [2012/04/12 20:38:36 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\Blio
    [2012/07/24 01:36:30 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\calibre
    [2012/06/03 15:49:34 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/04/12 05:58:54 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\DAEMON Tools Lite
    [2012/06/10 05:25:20 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\DMCache
    [2012/07/30 20:14:52 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\Dropbox
    [2012/07/25 19:36:21 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\Firestorm
    [2012/07/30 03:03:19 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\foobar2000
    [2012/04/11 12:04:08 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\Free Download Manager
    [2012/04/11 19:21:03 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\IDM
    [2012/05/22 23:28:25 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\IDT
    [2012/06/05 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\Opera
    [2012/06/11 07:38:19 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\PDAppFlex
    [2012/06/03 12:24:47 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\PowerISO
    [2012/04/11 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\Rainmeter
    [2012/05/23 19:00:39 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\Registry Mechanic
    [2012/04/12 06:19:07 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\SoftGrid Client
    [2012/06/11 07:40:43 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/04/11 11:16:53 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\Synaptics
    [2012/06/03 23:05:00 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\Thinstall
    [2012/04/11 11:39:07 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\TP
    [2012/06/03 23:05:56 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\uTorrent
    [2012/05/22 23:25:13 | 000,000,000 | ---D | M] -- C:\Users\AliciaSueYee\AppData\Roaming\WebApp
    [2012/07/29 18:21:00 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001Core.job
    [2012/07/30 15:21:00 | 000,000,956 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-946850208-3789892574-1044012170-1001UA.job
    [2012/07/30 16:57:07 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

    < End of report >
  19. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    What happened to MSE?
    I don't see it running.
    If you uninstalled it, reinstall.

    ================================

    OTL logs are clean.

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  20. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

    Security Check log:

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    (On Access scanning disabled!)
    Error obtaining update status for antivirus!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    JavaFX 2.1.0
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Reader X (10.1.3)
    Mozilla Firefox 13.0.1 Firefox out of Date!
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````











    FSS Log:

    Farbar Service Scanner Version: 26-07-2012
    Ran by AliciaSueYee (administrator) on 30-07-2012 at 22:04:00
    Running from "C:\Users\AliciaSueYee\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    Other Services:
    ==============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****

    EsetScan:

    C:\Documents and Settings\AliciaSueYee\AppData\Local\Google\Chrome\User Data\Default\Default\aagbdcgddggdgddfdhgedbggdegcgdde\background.htmlWin32/BHO.OEI trojancleaned by deleting - quarantined
    C:\Documents and Settings\AliciaSueYee\AppData\Roaming\Mozilla\Firefox\Profiles\m0me437i.default\extensions\spviajvcpk@spviajvcpk.org.xpiJS/Redirector.NCA trojandeleted - quarantined
    C:\Documents and Settings\AliciaSueYee\Downloads\Programs\internet-download-manager-s32-downloader.exea variant of Win32/Soft32Downloader.A applicationcleaned by deleting - quarantined
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dlla variant of Win32/Adware.Yontoo.B applicationcleaned by deleting - quarantined
    C:\FRST\Quarantine\services.exeWin64/Patched.B.Gen trojandeleted - quarantined
    C:\FRST\Quarantine\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\nWin64/Sirefef.W trojancleaned by deleting - quarantined
    C:\FRST\Quarantine\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantined
    C:\FRST\Quarantine\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantined
    C:\FRST\Quarantine\{fe3ef9bd-ee77-7df8-f15b-3ef5e0bbf996}\U\80000032.@a variant of Win32/Sirefef.FD trojancleaned by deleting - quarantined

    My Java is out of date because my school's blackboard system is compatible with an older version of Java. I've checked my Firefox - apparently, it's up-to-date?
  21. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    You didn't answer my question:
    [​IMG]

    ====================================

    Current Firefox version is 14.0.1

    Java should be always kept up to date.
    If your school requires some older version you don't have too much choice but leave it alone.

    =====================================

    We have one corrupted registry key affecting Windows updates.

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.
    Double click on bits.reg file and confirm the prompt.
    Restart computer.
    Post new FSS log.
  22. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

    I reinstalled MSE as according to your instructions! I'm sorry I didn't answer it.

    New FSS log:

    Farbar Service Scanner Version: 26-07-2012
    Ran by AliciaSueYee (administrator) on 31-07-2012 at 22:19:14
    Running from "C:\Users\AliciaSueYee\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Attempt to access Google.com returned error: Google.com is offline
    Attempt to access Yahoo IP returned error: Yahoo IP is offline
    Attempt to access Yahoo.com returned error: Yahoo.com is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  23. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Is MSE in working condition?
    Can you update it, run scan etc.?
  24. aliciaw

    aliciaw Newcomer, in training Topic Starter Posts: 16

    Yes, I can update it, run scans, and it is working well.

    Should I run another scan or anything else?
  25. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    No.

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.