Solved Windows 7 infected with sirefef.w - please help!

[Jimmylegs]

Hello, running windows 7 64 bit and MSE quarantines the virus but my system keeps restarting. Below is the FRST 64 log I got following the steps from the same problem others were seeing.

Scan result of Farbar Recovery Scan Tool Version: 08-07-2012
Ran by SYSTEM at 08-07-2012 19:44:29
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11725928 2010-12-23] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-28] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [244208 2009-06-10] (Sonic Solutions)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-01-31] ()
HKLM-x32\...\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [313768 2012-05-29] (Razer USA Ltd)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKU\Ben\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-09-16] (Hewlett-Packard Company)
HKU\Ben\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-10] (Valve Corporation)
HKU\Ben\...\Run: [googletalk] C:\Users\Ben\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Ben\...\Run: [Akamai NetSession Interface] "C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Ben\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-05] ()
HKU\Ben\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Mcx1-BEN-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\Ben\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Ben\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor9.0; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll [3417376 2012-05-29] ()
2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-07-01] ()
2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-04-05] (Hi-Rez Studios)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [309744 2009-06-10] (Sonic Solutions)
3 RoxMediaDB10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [1124848 2009-06-10] (Sonic Solutions)
2 RoxWatch10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [166384 2009-06-10] (Sonic Solutions)

========================== Drivers (Whitelisted) =============

3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
0 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [297512 2010-03-01] (Marvell Semiconductor, Inc.)
3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 X6va005; \??\C:\Users\Ben\AppData\Local\Temp\005C6CB.tmp [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-08 16:11 - 2012-07-08 16:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.845BF50177380399
2012-07-08 16:11 - 2012-07-08 16:11 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wwxbxcrp.sys
2012-07-08 16:08 - 2012-07-08 16:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.44AA3338104B6E3D
2012-07-08 16:02 - 2012-07-08 16:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EAFBDE03A65DF197
2012-07-08 15:51 - 2012-07-08 15:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.55803236603CA329
2012-07-08 15:46 - 2012-07-08 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9BDAF9F0B1C47E69
2012-07-08 15:43 - 2012-07-08 15:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F68EC965F94E8691
2012-07-08 15:40 - 2012-07-08 15:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29AF63660CC08E95
2012-07-08 15:37 - 2012-07-08 15:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBED37C230C01BD2
2012-07-08 15:17 - 2012-07-08 15:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63046893A68EAA2E
2012-07-08 15:08 - 2012-07-08 15:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9FEA7601A683CF7
2012-07-08 15:02 - 2012-07-08 15:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-08 15:02 - 2012-07-08 15:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-08 15:00 - 2012-07-08 15:00 - 12621696 ____A (Microsoft Corporation) C:\Users\Ben\Downloads\mseinstall(1).exe
2012-07-08 14:58 - 2012-07-08 14:59 - 01287528 ____A (Microsoft Corporation) C:\Users\Ben\Downloads\wlsetup-web(1).exe
2012-07-08 14:53 - 2012-07-08 14:53 - 01287528 ____A (Microsoft Corporation) C:\Users\Ben\Downloads\wlsetup-web.exe
2012-07-08 14:53 - 2012-07-08 14:53 - 00000000 ____D C:\Users\Ben\AppData\Local\Windows Live
2012-07-08 14:53 - 2012-07-08 14:53 - 00000000 ____D C:\Users\Ben\AppData\Local\{368698C1-9B38-472D-9682-9834FB3D2740}
2012-07-07 21:36 - 2012-07-07 21:36 - 00000879 ____A C:\Users\Ben\Desktop\Gw2 - Shortcut.lnk
2012-07-06 17:42 - 2012-07-06 17:43 - 00000000 ____D C:\Users\Ben\AppData\Local\Microsoft Games
2012-07-04 16:10 - 2012-07-04 16:10 - 00000000 ____D C:\Users\All Users\ATI
2012-07-04 16:10 - 2012-07-04 16:10 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-07-04 11:08 - 2012-07-04 11:08 - 00000970 ____A C:\Users\Public\Desktop\Xfire.lnk
2012-07-04 11:08 - 2012-07-04 11:08 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Xfire
2012-07-04 11:08 - 2012-07-04 11:08 - 00000000 ____D C:\Users\All Users\Xfire
2012-07-04 11:08 - 2012-07-04 11:08 - 00000000 ____D C:\Program Files (x86)\Xfire
2012-07-04 11:07 - 2012-07-04 11:07 - 23483944 ____A (Funcom ) C:\Users\Ben\Downloads\setup(1).exe
2012-07-04 11:07 - 2012-07-04 11:07 - 00001210 ____A C:\Users\Public\Desktop\The Secret World.lnk
2012-07-04 11:07 - 2012-07-04 11:07 - 00000000 ____D C:\Program Files (x86)\Funcom
2012-07-01 14:24 - 2012-07-01 14:24 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-28 15:48 - 2012-06-28 15:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2012-06-28 15:43 - 2012-06-28 15:43 - 00051828 ____A C:\Windows\DPINST.LOG
2012-06-28 15:43 - 2012-06-28 15:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2012-06-28 15:28 - 2012-06-28 15:43 - 00000000 ____D C:\Program Files (x86)\Razer
2012-06-28 15:28 - 2012-06-28 15:28 - 08571656 ____A (Razer USA Ltd.) C:\Users\Ben\Downloads\Razer_Synapse2_v1.02.16.exe
2012-06-28 15:28 - 2012-06-28 15:28 - 00000000 ____D C:\Users\Ben\AppData\Local\Razer
2012-06-28 15:28 - 2012-06-28 15:28 - 00000000 ____D C:\Users\All Users\Razer
2012-06-23 05:40 - 2012-07-08 16:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-22 17:49 - 2012-06-22 17:49 - 00000000 ____D C:\Users\Ben\AppData\Local\Funcom
2012-06-22 16:36 - 2012-06-22 16:40 - 00000000 ____D C:\dosprogs
2012-06-22 16:34 - 2012-06-22 16:34 - 00000000 ____D C:\Users\Ben\AppData\Local\DOSBox
2012-06-22 16:33 - 2012-06-23 05:09 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.74
2012-06-22 16:29 - 2012-06-22 16:29 - 00000000 ____D C:\Users\Ben\AppData\Roaming\AppClient
2012-06-22 16:24 - 2012-06-23 05:09 - 00000000 ____D C:\Users\Ben\AppData\Local\Apps\2.0
2012-06-22 16:24 - 2012-06-22 16:34 - 00000000 ____D C:\Users\Ben\AppData\Local\Deployment
2012-06-20 21:33 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-20 21:33 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-20 21:33 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-20 21:33 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-20 21:32 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-20 21:32 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-20 21:32 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-20 21:32 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-20 21:32 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-17 05:58 - 2012-06-17 05:58 - 00000000 ____D C:\Users\Ben\AppData\Local\Macromedia
2012-06-13 13:05 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 13:05 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 13:05 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 13:05 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 13:05 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 13:05 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 13:05 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 13:05 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 13:05 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 13:05 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 13:05 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 13:05 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 13:05 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 13:05 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 13:05 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 13:05 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 13:05 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 13:05 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 13:05 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 13:05 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 13:05 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 13:05 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 13:05 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 13:05 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-13 13:05 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 13:05 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 13:05 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 13:05 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 13:05 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 13:05 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 13:05 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-13 13:05 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 13:05 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 13:05 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 13:05 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 13:05 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 13:05 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 13:05 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 13:05 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 13:05 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 13:05 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:50 - 2012-06-11 10:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-06-11 10:50 - 2012-06-11 10:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-06-11 10:49 - 2012-06-11 10:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2012-06-11 09:16 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll


============ 3 Months Modified Files ========================

2012-07-08 16:25 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-08 16:24 - 2012-06-23 05:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-08 16:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-08 16:24 - 2009-07-13 20:51 - 00047918 ____A C:\Windows\setupact.log
2012-07-08 16:11 - 2012-07-08 16:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.845BF50177380399
2012-07-08 16:11 - 2012-07-08 16:11 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wwxbxcrp.sys
2012-07-08 16:08 - 2012-07-08 16:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.44AA3338104B6E3D
2012-07-08 16:02 - 2012-07-08 16:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EAFBDE03A65DF197
2012-07-08 15:51 - 2012-07-08 15:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.55803236603CA329
2012-07-08 15:46 - 2012-07-08 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9BDAF9F0B1C47E69
2012-07-08 15:43 - 2012-07-08 15:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F68EC965F94E8691
2012-07-08 15:40 - 2012-07-08 15:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29AF63660CC08E95
2012-07-08 15:37 - 2012-07-08 15:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBED37C230C01BD2
2012-07-08 15:17 - 2012-07-08 15:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63046893A68EAA2E
2012-07-08 15:17 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-08 15:17 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-08 15:16 - 2009-07-13 21:13 - 00795812 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-08 15:08 - 2012-07-08 15:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9FEA7601A683CF7
2012-07-08 15:03 - 2011-02-28 12:57 - 01069124 ____A C:\Windows\WindowsUpdate.log
2012-07-08 15:02 - 2011-03-11 23:40 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-08 15:02 - 2011-02-28 13:09 - 00809470 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-08 15:00 - 2012-07-08 15:00 - 12621696 ____A (Microsoft Corporation) C:\Users\Ben\Downloads\mseinstall(1).exe
2012-07-08 14:59 - 2012-07-08 14:58 - 01287528 ____A (Microsoft Corporation) C:\Users\Ben\Downloads\wlsetup-web(1).exe
2012-07-08 14:53 - 2012-07-08 14:53 - 01287528 ____A (Microsoft Corporation) C:\Users\Ben\Downloads\wlsetup-web.exe
2012-07-07 21:36 - 2012-07-07 21:36 - 00000879 ____A C:\Users\Ben\Desktop\Gw2 - Shortcut.lnk
2012-07-04 11:08 - 2012-07-04 11:08 - 00000970 ____A C:\Users\Public\Desktop\Xfire.lnk
2012-07-04 11:07 - 2012-07-04 11:07 - 23483944 ____A (Funcom ) C:\Users\Ben\Downloads\setup(1).exe
2012-07-04 11:07 - 2012-07-04 11:07 - 00001210 ____A C:\Users\Public\Desktop\The Secret World.lnk
2012-07-04 05:16 - 2012-02-01 16:47 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-07-01 14:20 - 2012-04-12 03:28 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-01 14:20 - 2011-05-17 16:01 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-28 15:48 - 2012-06-28 15:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2012-06-28 15:43 - 2012-06-28 15:43 - 00051828 ____A C:\Windows\DPINST.LOG
2012-06-28 15:43 - 2012-06-28 15:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2012-06-28 15:32 - 2009-07-13 20:45 - 00360456 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-28 15:30 - 2011-03-10 18:57 - 00080672 ____A C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-28 15:28 - 2012-06-28 15:28 - 08571656 ____A (Razer USA Ltd.) C:\Users\Ben\Downloads\Razer_Synapse2_v1.02.16.exe
2012-06-14 00:05 - 2011-03-12 00:04 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:50 - 2012-06-11 10:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-06-11 10:50 - 2012-06-11 10:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-06-11 10:49 - 2012-06-11 10:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2011-01-26 18:00 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-06-11 09:23 - 2011-01-26 17:59 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2012-06-11 09:16 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 09:01 - 2011-01-26 17:40 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:45 - 2011-01-26 17:28 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-06-11 08:43 - 2011-01-26 17:24 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:25 - 2011-01-26 17:12 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2011-01-26 17:12 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-06-02 14:19 - 2012-06-20 21:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 21:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 21:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 21:32 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 21:32 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 21:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 21:32 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-20 21:32 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-20 21:32 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-20 14:54 - 2012-05-20 14:54 - 00002315 ____A C:\Users\Public\Desktop\Play Torchlight 2 Beta.lnk
2012-05-20 14:53 - 2012-05-20 14:53 - 22270064 ____A C:\Users\Ben\Downloads\tl2.beta.setup.exe
2012-05-15 15:27 - 2012-05-15 15:03 - 00001196 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-14 20:01 - 2012-06-13 13:05 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-13 13:05 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-13 13:05 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-13 13:05 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 18:50 - 2012-05-14 18:50 - 00094208 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzudd.sys
2012-05-14 18:36 - 2012-05-14 18:36 - 00354816 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzdevicedll.dll
2012-05-14 18:36 - 2012-05-14 18:36 - 00165888 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzaudiodll.dll
2012-05-14 18:36 - 2012-05-14 18:36 - 00142848 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rztouchdll.dll
2012-05-14 17:32 - 2012-06-13 13:05 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-06 17:59 - 2012-05-06 17:59 - 00708168 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
2012-05-05 05:08 - 2012-04-12 04:08 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-13 13:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 13:05 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 13:05 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 18:55 - 2012-05-02 18:55 - 00042392 ____A C:\Windows\SysWOW64\xfcodec.dll
2012-05-02 18:55 - 2012-05-02 18:55 - 00028056 ____A C:\Windows\System32\xfcodec64.dll
2012-04-30 21:40 - 2012-06-13 13:05 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 13:05 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 16:48 - 2011-11-05 10:58 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-25 21:41 - 2012-06-13 13:05 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 13:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 13:05 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 13:05 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 13:05 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 13:05 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 13:05 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 13:05 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 13:05 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-20 14:54 - 2012-04-20 14:54 - 46104904 ____A (Blizzard Entertainment) C:\Users\Ben\Downloads\Diablo-III-Beta-enUS-Setup.exe
2012-04-19 21:42 - 2012-06-13 13:05 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 21:42 - 2012-06-13 13:05 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 21:42 - 2012-06-13 13:05 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 21:42 - 2012-06-13 13:05 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:42 - 2012-06-13 13:05 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 21:42 - 2012-06-13 13:05 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 21:42 - 2012-06-13 13:05 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 21:42 - 2012-06-13 13:05 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 21:00 - 2012-06-13 13:05 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:00 - 2012-06-13 13:05 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 20:57 - 2012-06-13 13:05 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 20:57 - 2012-06-13 13:05 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 20:57 - 2012-06-13 13:05 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 20:56 - 2012-06-13 13:05 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 20:56 - 2012-06-13 13:05 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 20:56 - 2012-06-13 13:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 19:45 - 2012-06-13 13:05 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:16 - 2012-06-13 13:05 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-16 21:31 - 2012-06-13 13:05 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 20:34 - 2012-06-13 13:05 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-14 11:48 - 2012-04-14 11:48 - 09424297 ____A C:\Users\Ben\Downloads\Gw2.zip
2012-04-12 11:30 - 2012-04-12 11:30 - 00637743 ____A C:\Windows\System32\atiicdxx.dat


ZeroAccess:
C:\Windows\Installer\{1849385f-42be-4b56-f349-2d86575857de}
C:\Windows\Installer\{1849385f-42be-4b56-f349-2d86575857de}\@
C:\Windows\Installer\{1849385f-42be-4b56-f349-2d86575857de}\L
C:\Windows\Installer\{1849385f-42be-4b56-f349-2d86575857de}\n
C:\Windows\Installer\{1849385f-42be-4b56-f349-2d86575857de}\U
C:\Windows\Installer\{1849385f-42be-4b56-f349-2d86575857de}\U\00000001.@
C:\Windows\Installer\{1849385f-42be-4b56-f349-2d86575857de}\U\80000000.@
C:\Windows\Installer\{1849385f-42be-4b56-f349-2d86575857de}\U\800000cb.@

ZeroAccess:
C:\Users\Ben\AppData\Local\{1849385f-42be-4b56-f349-2d86575857de}
C:\Users\Ben\AppData\Local\{1849385f-42be-4b56-f349-2d86575857de}\@
C:\Users\Ben\AppData\Local\{1849385f-42be-4b56-f349-2d86575857de}\L
C:\Users\Ben\AppData\Local\{1849385f-42be-4b56-f349-2d86575857de}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 12279.11 MB
Available physical RAM: 11253.96 MB
Total Pagefile: 12277.26 MB
Available Pagefile: 11243.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (WINDOWS) (Fixed) (Total:891.02 GB) (Free:590.27 GB) NTFS
2 Drive d: (ImageBackup) (Fixed) (Total:40 GB) (Free:0.02 GB) NTFS
4 Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 1024 KB
Disk 1 Online 1909 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 500 MB 1024 KB
Partition 0 Extended 40 GB 501 MB
Partition 3 Logical 39 GB 502 MB
Partition 2 Primary 891 GB 40 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 500 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D ImageBackup NTFS Partition 39 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C WINDOWS NTFS Partition 891 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1909 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 1909 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 22:00

======================= End Of Log ==========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

 

[Jimmylegs]

Farbar Recovery Scan Tool Version: 08-07-2012
Ran by SYSTEM at 2012-07-08 20:17:04
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-08 16:25] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Jimmylegs]

First fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-07-2012
Ran by SYSTEM at 2012-07-08 20:36:41 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\System32\services.exe.845BF50177380399 moved successfully.
C:\Windows\System32\Drivers\wwxbxcrp.sys moved successfully.
C:\Windows\System32\services.exe.44AA3338104B6E3D moved successfully.
C:\Windows\System32\services.exe.EAFBDE03A65DF197 moved successfully.
C:\Windows\System32\services.exe.55803236603CA329 moved successfully.
C:\Windows\System32\services.exe.9BDAF9F0B1C47E69 moved successfully.
C:\Windows\System32\services.exe.F68EC965F94E8691 moved successfully.
C:\Windows\System32\services.exe.29AF63660CC08E95 moved successfully.
C:\Windows\System32\services.exe.DBED37C230C01BD2 moved successfully.
C:\Windows\System32\services.exe.63046893A68EAA2E moved successfully.
C:\Windows\System32\services.exe.A9FEA7601A683CF7 moved successfully.
C:\Windows\Installer\{1849385f-42be-4b56-f349-2d86575857de} moved successfully.
C:\Users\Ben\AppData\Local\{1849385f-42be-4b56-f349-2d86575857de} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


Will reply with others once finished

 

[Jimmylegs]

Alright, ran combofix. Tried using Firefox after it on that computer and got the following message "Filepath to firefox..exe" "Illegal operation attempted on a registry key that has been marked for deletion.

Here is the combofix log:

ComboFix 12-07-08.01 - Ben 07/08/2012 20:52:13.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10357 [GMT -5:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\SET30B8.tmp
c:\windows\SysWow64\SET3166.tmp
c:\windows\SysWow64\SET38E3.tmp
c:\windows\SysWow64\SET3AEC.tmp
c:\windows\SysWow64\SET3B1D.tmp
c:\windows\SysWow64\SET3C4D.tmp
c:\windows\SysWow64\tmp71D5.tmp
c:\windows\SysWow64\tmp71D6.tmp
D:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 03:44 . 2012-07-09 03:44--------d-----w-C:\FRST
2012-07-09 00:49 . 2012-07-09 00:4950392----a-w-c:\windows\system32\drivers\hipckwnf.sys
2012-07-09 00:49 . 2012-07-09 00:49328704----a-w-c:\windows\system32\services.exe.2D3B641F3714C8FC
2012-07-08 23:04 . 2012-02-09 19:17927800----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F1FCDDA-188B-44B0-BD68-B57B732404AE}\gapaengine.dll
2012-07-08 23:03 . 2012-06-18 08:129013136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A75B7C88-7077-4211-817B-1348B96CCF85}\mpengine.dll
2012-07-08 23:02 . 2012-07-08 23:02--------d-----w-c:\program files (x86)\Microsoft Security Client
2012-07-08 23:02 . 2012-07-08 23:02--------d-----w-c:\program files\Microsoft Security Client
2012-07-08 22:53 . 2012-07-08 22:53--------d-----w-c:\users\Ben\AppData\Local\Windows Live
2012-07-08 22:53 . 2012-07-08 22:53--------d-----w-c:\program files (x86)\Common Files\Windows Live
2012-07-07 01:42 . 2012-07-07 01:43--------d-----w-c:\users\Ben\AppData\Local\Microsoft Games
2012-07-05 00:10 . 2012-07-05 00:10--------d-----w-c:\programdata\ATI
2012-07-05 00:10 . 2012-07-05 00:10--------d-----w-c:\program files (x86)\AMD APP
2012-07-04 19:08 . 2012-07-04 19:08--------d-----w-c:\users\Ben\AppData\Roaming\Xfire
2012-07-04 19:08 . 2012-07-04 19:08--------d-----w-c:\programdata\Xfire
2012-07-04 19:08 . 2012-07-04 19:08--------d-----w-c:\program files (x86)\Xfire
2012-07-04 19:07 . 2012-07-04 19:07--------d-----w-c:\programdata\media center programs
2012-07-04 19:07 . 2012-07-04 19:07--------d-----w-c:\program files (x86)\Funcom
2012-07-01 22:24 . 2012-07-01 22:24--------d-sh--w-c:\windows\system32\%APPDATA%
2012-06-28 23:38 . 2012-06-28 23:38--------d-----w-c:\users\Ben\AppData\Local\Diagnostics
2012-06-28 23:28 . 2012-06-28 23:43--------d-----w-c:\program files (x86)\Razer
2012-06-28 23:28 . 2012-06-28 23:28--------d-----w-c:\users\Ben\AppData\Local\Razer
2012-06-28 23:28 . 2012-06-28 23:28--------d-----w-c:\programdata\Razer
2012-06-23 01:49 . 2012-06-23 01:49--------d-----w-c:\users\Ben\AppData\Local\Funcom
2012-06-23 00:36 . 2012-06-23 00:40--------d-----w-C:\dosprogs
2012-06-23 00:34 . 2012-06-23 00:34--------d-----w-c:\users\Ben\AppData\Local\DOSBox
2012-06-23 00:33 . 2012-06-23 13:09--------d-----w-c:\program files (x86)\DOSBox-0.74
2012-06-23 00:29 . 2012-06-23 00:29--------d-----w-c:\users\Ben\AppData\Roaming\AppClient
2012-06-23 00:24 . 2012-06-23 00:24--------d-----w-c:\users\Ben\AppData\Local\Apps
2012-06-23 00:24 . 2012-06-23 00:34--------d-----w-c:\users\Ben\AppData\Local\Deployment
2012-06-21 05:33 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-21 05:33 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2012-06-21 05:33 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2012-06-21 05:33 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2012-06-21 05:32 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2012-06-21 05:32 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2012-06-21 05:32 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2012-06-21 05:32 . 2012-06-02 20:19186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-21 05:32 . 2012-06-02 20:1536864----a-w-c:\windows\system32\wuapp.exe
2012-06-17 13:58 . 2012-06-17 13:58--------d-----w-c:\users\Ben\AppData\Local\Macromedia
2012-06-17 13:58 . 2012-06-17 13:58770384----a-w-c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 13:58 . 2012-06-17 13:58421200----a-w-c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-11 18:59 . 2012-06-11 18:5910248192----a-w-c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:50 . 2012-06-11 18:50187392----a-w-c:\windows\system32\clinfo.exe
2012-06-11 18:50 . 2012-06-11 18:5075264----a-w-c:\windows\system32\OpenVideo64.dll
2012-06-11 18:50 . 2012-06-11 18:5065024----a-w-c:\windows\SysWow64\OpenVideo.dll
2012-06-11 18:50 . 2012-06-11 18:5063488----a-w-c:\windows\system32\OVDecode64.dll
2012-06-11 18:50 . 2012-06-11 18:5056320----a-w-c:\windows\SysWow64\OVDecode.dll
2012-06-11 18:50 . 2012-06-11 18:5016457728----a-w-c:\windows\system32\amdocl64.dll
2012-06-11 18:49 . 2012-06-11 18:4913008896----a-w-c:\windows\SysWow64\amdocl.dll
2012-06-11 18:35 . 2012-06-11 18:3570144----a-w-c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:2924826368----a-w-c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:0020467712----a-w-c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25163840----a-w-c:\windows\system32\atiapfxx.exe
2012-06-11 17:20 . 2012-06-11 17:20442368----a-w-c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19532992----a-w-c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19239616----a-w-c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17120320----a-w-c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:1721504----a-w-c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:1759392----a-w-c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:1743520----a-w-c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:166301696----a-w-c:\windows\SysWow64\atidxx32.dll
2012-06-11 16:51 . 2012-06-11 16:514246528----a-w-c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:4551200----a-w-c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:4546080----a-w-c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:4544544----a-w-c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:4544032----a-w-c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:4515703040----a-w-c:\windows\system32\aticaldd64.dll
2012-06-11 16:40 . 2012-06-11 16:4013277696----a-w-c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:366605824----a-w-c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27539136----a-w-c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26368640----a-w-c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:2617920----a-w-c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:2614848----a-w-c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:2614848----a-w-c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:2641984----a-w-c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:2633280----a-w-c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26367616----a-w-c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-06-11 16:2542496----a-w-c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:2545056----a-w-c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:2453248----a-w-c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:2356320----a-w-c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:2356320----a-w-c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:2356832----a-w-c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:2356832----a-w-c:\windows\SysWow64\amdpcom32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 22:20 . 2012-04-12 11:28426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-01 22:20 . 2011-05-18 00:0170344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-11 17:24 . 2011-01-27 02:00924160----a-w-c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-01-27 01:591090560----a-w-c:\windows\system32\aticfx64.dll
2012-06-11 17:01 . 2011-01-27 01:406914560----a-w-c:\windows\system32\atidxx64.dll
2012-06-11 16:45 . 2011-01-27 01:285480448----a-w-c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:43 . 2011-01-27 01:244729344----a-w-c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:25 . 2011-01-27 01:1254784----a-w-c:\windows\system32\atiuxp64.dll
2012-06-11 16:24 . 2011-01-27 01:1232768----a-w-c:\windows\SysWow64\atiu9pag.dll
2012-05-15 02:50 . 2012-05-15 02:5094208----a-w-c:\windows\system32\drivers\rzudd.sys
2012-05-15 02:36 . 2012-05-15 02:36142848----a-w-c:\windows\SysWow64\rztouchdll.dll
2012-05-15 02:36 . 2012-05-15 02:36354816----a-w-c:\windows\SysWow64\rzdevicedll.dll
2012-05-15 02:36 . 2012-05-15 02:36165888----a-w-c:\windows\SysWow64\rzaudiodll.dll
2012-05-07 01:59 . 2012-05-07 01:59708168----a-w-c:\windows\system32\WinUSBCoInstaller.dll
2012-05-05 13:08 . 2012-04-12 12:088744608----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 02:55 . 2012-05-03 02:5542392----a-w-c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:55 . 2012-05-03 02:5528056----a-w-c:\windows\system32\xfcodec64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-09-16 2736128]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-10 1242448]
"googletalk"="c:\users\Ben\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Akamai NetSession Interface"="c:\users\Ben\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-05 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-05-29 313768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]
R3 cpuz130;cpuz130;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-12 1255736]
R3 X6va005;X6va005;c:\users\Ben\AppData\Local\Temp\005C6CB.tmp [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-03-02 297512]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-05-15 94208]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AODDRIVER2
*NewlyCreated* - WS2IFSL
*Deregistered* - AODDriver2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
AkamaiREG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 22:11451872----a-w-c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 22:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.2.1
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://kkvpnasa01.kkamerica.com/+CSCOL+/cscopf.cab
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\wjgvr0zx.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Ben\AppData\Local\Temp\005C6CB.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1121471191-4289625722-721728759-1002\Software\SecuROM\License information*]
"datasecu"=hex:1f,a1,ee,aa,af,6d,69,cf,1b,77,4a,65,85,95,76,c1,c7,8f,49,aa,a2,
1f,04,53,2e,27,94,b8,d5,36,9b,3d,29,88,cb,5e,24,fa,2d,30,ab,15,f0,4a,73,19,\
"rkeysecu"=hex:89,3a,60,71,21,17,14,ab,b0,f5,19,00,c6,b2,24,5f
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-07-08 21:06:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 02:06
.
Pre-Run: 636,106,080,256 bytes free
Post-Run: 659,163,533,312 bytes free
.
- - End Of File - - 1C241C65854F3A26549AA6A9EC822DEF

 

[Broni]

That's because you're not reading my instructions carefully:

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

 

[Broni]

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\drivers\hipckwnf.sys
c:\windows\system32\services.exe.2D3B641F3714C8FC


DDS::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

Driver::

Registry::

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[Jimmylegs]

Sorry about missing the previous note.

Here is the combofix.txt log:

ComboFix 12-07-08.01 - Ben 07/08/2012 21:44:07.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10183 [GMT -5:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
Command switches used :: c:\users\Ben\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\hipckwnf.sys"
"c:\windows\system32\services.exe.2D3B641F3714C8FC"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\hipckwnf.sys
c:\windows\system32\services.exe.2D3B641F3714C8FC
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 03:44 . 2012-07-09 03:44--------d-----w-C:\FRST
2012-07-09 02:50 . 2012-07-09 02:50--------d-----w-c:\users\Mcx1-BEN-PC\AppData\Local\temp
2012-07-09 02:50 . 2012-07-09 02:50--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-08 23:04 . 2012-02-09 19:17927800----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F1FCDDA-188B-44B0-BD68-B57B732404AE}\gapaengine.dll
2012-07-08 23:03 . 2012-06-18 08:129013136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A75B7C88-7077-4211-817B-1348B96CCF85}\mpengine.dll
2012-07-08 23:02 . 2012-07-08 23:02--------d-----w-c:\program files (x86)\Microsoft Security Client
2012-07-08 23:02 . 2012-07-08 23:02--------d-----w-c:\program files\Microsoft Security Client
2012-07-08 22:53 . 2012-07-08 22:53--------d-----w-c:\users\Ben\AppData\Local\Windows Live
2012-07-08 22:53 . 2012-07-08 22:53--------d-----w-c:\program files (x86)\Common Files\Windows Live
2012-07-07 01:42 . 2012-07-07 01:43--------d-----w-c:\users\Ben\AppData\Local\Microsoft Games
2012-07-05 00:10 . 2012-07-05 00:10--------d-----w-c:\programdata\ATI
2012-07-05 00:10 . 2012-07-05 00:10--------d-----w-c:\program files (x86)\AMD APP
2012-07-04 19:08 . 2012-07-04 19:08--------d-----w-c:\users\Ben\AppData\Roaming\Xfire
2012-07-04 19:08 . 2012-07-04 19:08--------d-----w-c:\programdata\Xfire
2012-07-04 19:08 . 2012-07-04 19:08--------d-----w-c:\program files (x86)\Xfire
2012-07-04 19:07 . 2012-07-04 19:07--------d-----w-c:\programdata\media center programs
2012-07-04 19:07 . 2012-07-04 19:07--------d-----w-c:\program files (x86)\Funcom
2012-07-01 22:24 . 2012-07-01 22:24--------d-sh--w-c:\windows\system32\%APPDATA%
2012-06-28 23:38 . 2012-06-28 23:38--------d-----w-c:\users\Ben\AppData\Local\Diagnostics
2012-06-28 23:28 . 2012-06-28 23:43--------d-----w-c:\program files (x86)\Razer
2012-06-28 23:28 . 2012-06-28 23:28--------d-----w-c:\users\Ben\AppData\Local\Razer
2012-06-28 23:28 . 2012-06-28 23:28--------d-----w-c:\programdata\Razer
2012-06-23 01:49 . 2012-06-23 01:49--------d-----w-c:\users\Ben\AppData\Local\Funcom
2012-06-23 00:36 . 2012-06-23 00:40--------d-----w-C:\dosprogs
2012-06-23 00:34 . 2012-06-23 00:34--------d-----w-c:\users\Ben\AppData\Local\DOSBox
2012-06-23 00:33 . 2012-06-23 13:09--------d-----w-c:\program files (x86)\DOSBox-0.74
2012-06-23 00:29 . 2012-06-23 00:29--------d-----w-c:\users\Ben\AppData\Roaming\AppClient
2012-06-23 00:24 . 2012-06-23 00:24--------d-----w-c:\users\Ben\AppData\Local\Apps
2012-06-23 00:24 . 2012-06-23 00:34--------d-----w-c:\users\Ben\AppData\Local\Deployment
2012-06-21 05:33 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-21 05:33 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2012-06-21 05:33 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2012-06-21 05:33 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2012-06-21 05:32 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2012-06-21 05:32 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2012-06-21 05:32 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2012-06-21 05:32 . 2012-06-02 20:19186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-21 05:32 . 2012-06-02 20:1536864----a-w-c:\windows\system32\wuapp.exe
2012-06-17 13:58 . 2012-06-17 13:58--------d-----w-c:\users\Ben\AppData\Local\Macromedia
2012-06-17 13:58 . 2012-06-17 13:58770384----a-w-c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 13:58 . 2012-06-17 13:58421200----a-w-c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-11 18:59 . 2012-06-11 18:5910248192----a-w-c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:50 . 2012-06-11 18:50187392----a-w-c:\windows\system32\clinfo.exe
2012-06-11 18:50 . 2012-06-11 18:5075264----a-w-c:\windows\system32\OpenVideo64.dll
2012-06-11 18:50 . 2012-06-11 18:5065024----a-w-c:\windows\SysWow64\OpenVideo.dll
2012-06-11 18:50 . 2012-06-11 18:5063488----a-w-c:\windows\system32\OVDecode64.dll
2012-06-11 18:50 . 2012-06-11 18:5056320----a-w-c:\windows\SysWow64\OVDecode.dll
2012-06-11 18:50 . 2012-06-11 18:5016457728----a-w-c:\windows\system32\amdocl64.dll
2012-06-11 18:49 . 2012-06-11 18:4913008896----a-w-c:\windows\SysWow64\amdocl.dll
2012-06-11 18:35 . 2012-06-11 18:3570144----a-w-c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:2924826368----a-w-c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:0020467712----a-w-c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25163840----a-w-c:\windows\system32\atiapfxx.exe
2012-06-11 17:20 . 2012-06-11 17:20442368----a-w-c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19532992----a-w-c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19239616----a-w-c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17120320----a-w-c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:1721504----a-w-c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:1759392----a-w-c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:1743520----a-w-c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:166301696----a-w-c:\windows\SysWow64\atidxx32.dll
2012-06-11 16:51 . 2012-06-11 16:514246528----a-w-c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:4551200----a-w-c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:4546080----a-w-c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:4544544----a-w-c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:4544032----a-w-c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:4515703040----a-w-c:\windows\system32\aticaldd64.dll
2012-06-11 16:40 . 2012-06-11 16:4013277696----a-w-c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:366605824----a-w-c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27539136----a-w-c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26368640----a-w-c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:2617920----a-w-c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:2614848----a-w-c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:2614848----a-w-c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:2641984----a-w-c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:2633280----a-w-c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26367616----a-w-c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-06-11 16:2542496----a-w-c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:2545056----a-w-c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:2453248----a-w-c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:2356320----a-w-c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:2356320----a-w-c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:2356832----a-w-c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:2356832----a-w-c:\windows\SysWow64\amdpcom32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 22:20 . 2012-04-12 11:28426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-01 22:20 . 2011-05-18 00:0170344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-11 17:24 . 2011-01-27 02:00924160----a-w-c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-01-27 01:591090560----a-w-c:\windows\system32\aticfx64.dll
2012-06-11 17:01 . 2011-01-27 01:406914560----a-w-c:\windows\system32\atidxx64.dll
2012-06-11 16:45 . 2011-01-27 01:285480448----a-w-c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:43 . 2011-01-27 01:244729344----a-w-c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:25 . 2011-01-27 01:1254784----a-w-c:\windows\system32\atiuxp64.dll
2012-06-11 16:24 . 2011-01-27 01:1232768----a-w-c:\windows\SysWow64\atiu9pag.dll
2012-05-15 02:50 . 2012-05-15 02:5094208----a-w-c:\windows\system32\drivers\rzudd.sys
2012-05-15 02:36 . 2012-05-15 02:36142848----a-w-c:\windows\SysWow64\rztouchdll.dll
2012-05-15 02:36 . 2012-05-15 02:36354816----a-w-c:\windows\SysWow64\rzdevicedll.dll
2012-05-15 02:36 . 2012-05-15 02:36165888----a-w-c:\windows\SysWow64\rzaudiodll.dll
2012-05-07 01:59 . 2012-05-07 01:59708168----a-w-c:\windows\system32\WinUSBCoInstaller.dll
2012-05-05 13:08 . 2012-04-12 12:088744608----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 02:55 . 2012-05-03 02:5542392----a-w-c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:55 . 2012-05-03 02:5528056----a-w-c:\windows\system32\xfcodec64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-09_02.00.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-07 01:18 . 2012-07-09 02:5331182 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-09 02:5331770 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-11 02:55 . 2012-07-09 02:0416384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-11 02:55 . 2012-07-09 01:4916384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-01 04:11 . 2012-07-09 01:4916384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-01 04:11 . 2012-07-09 02:0416384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-01 03:22 . 2012-07-09 02:313032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-11 02:58 . 2012-07-09 02:536702 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1121471191-4289625722-721728759-1002_UserData.bin
- 2012-07-09 02:00 . 2012-07-09 02:002048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-09 02:51 . 2012-07-09 02:512048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-09 02:51 . 2012-07-09 02:512048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-09 02:00 . 2012-07-09 02:002048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-09 02:37671176 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-09 01:51671176 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-09 01:51126262 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-09 02:37126262 c:\windows\system32\perfc009.dat
+ 2011-03-11 05:49 . 2012-07-09 02:05589824 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-11 05:49 . 2012-07-08 23:13589824 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-07-09 01:59321972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-09 02:50321972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-11 05:49 . 2012-07-09 02:056750208 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-11 05:49 . 2012-07-08 23:136750208 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-09 02:053293184 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-08 23:133293184 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-28 21:05 . 2012-07-09 02:501912960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-02-28 21:05 . 2012-07-09 01:591912960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-12 07:55 . 2012-07-09 02:5032727828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1121471191-4289625722-721728759-1002-8192.dat
- 2011-03-12 07:55 . 2012-07-09 01:5932727828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1121471191-4289625722-721728759-1002-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-09-16 2736128]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-10 1242448]
"googletalk"="c:\users\Ben\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Akamai NetSession Interface"="c:\users\Ben\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-05 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-05-29 313768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]
R3 cpuz130;cpuz130;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-12 1255736]
R3 X6va005;X6va005;c:\users\Ben\AppData\Local\Temp\005C6CB.tmp [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-03-02 297512]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-05-15 94208]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
AkamaiREG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 22:11451872----a-w-c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 22:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://kkvpnasa01.kkamerica.com/+CSCOL+/cscopf.cab
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\wjgvr0zx.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Ben\AppData\Local\Temp\005C6CB.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1121471191-4289625722-721728759-1002\Software\SecuROM\License information*]
"datasecu"=hex:1f,a1,ee,aa,af,6d,69,cf,1b,77,4a,65,85,95,76,c1,c7,8f,49,aa,a2,
1f,04,53,2e,27,94,b8,d5,36,9b,3d,29,88,cb,5e,24,fa,2d,30,ab,15,f0,4a,73,19,\
"rkeysecu"=hex:89,3a,60,71,21,17,14,ab,b0,f5,19,00,c6,b2,24,5f
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-07-08 21:56:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 02:56
ComboFix2.txt 2012-07-09 02:06
.
Pre-Run: 659,235,758,080 bytes free
Post-Run: 658,938,970,112 bytes free
.
- - End Of File - - 9D34ACDCD7531B49E665731756A6B221

 

[Broni]

Looks good

Any current issues?

===========================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

======================================

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Jimmylegs]

Looks great - thanks so much for your help! Doing the last few tasks and will post back in a bit!

 

[Jimmylegs]

Malwarebytes log, doing OTL after restart:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ben :: BEN-PC [administrator]

Protection: Enabled

7/8/2012 10:15:50 PM
mbam-log-2012-07-08 (22-15-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231660
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Jimmylegs]

Can't download OTL right now, the sites down. Thanks again for your help - I'll definitely be donating to your cause! Do you suggest waiting until I can download OTL to do anything on my computer?

 

[Broni]

Try here: http://www.smartestcomputing.us.com/files/file/5-otl/

 

[Jimmylegs]

OTL.txt:

OTL logfile created on: 7/8/2012 10:29:43 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ben\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 85.00% Memory free
24.00 Gb Paging File | 22.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891.02 Gb Total Space | 613.73 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 0.02 Gb Free Space | 0.05% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/08 22:28:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
PRC - [2012/05/29 18:21:44 | 000,313,768 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/05 14:10:12 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/05/25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/11/17 12:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 02:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Ben\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2012/07/08 22:28:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/11 12:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/29 18:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/01 17:20:45 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/23 08:19:27 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/17 08:58:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 17:32:17 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/04/05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/07/01 05:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 07:41:10 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/06/10 07:41:02 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/06/10 07:40:22 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/11 13:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/06/11 13:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/11 11:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/14 21:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 03:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/10 16:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 16:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/29 18:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/25 11:27:40 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/01 19:57:00 | 000,297,512 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 08:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-1121471191-4289625722-721728759-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1121471191-4289625722-721728759-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 F4 4E B4 F1 57 CD 01 [binary data]
IE - HKU\S-1-5-21-1121471191-4289625722-721728759-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1121471191-4289625722-721728759-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {a3a5c777-f583-4fef-9380-ab4add1bc2a8}:2.0.3

FF - HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 08:58:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/01 16:49:31 | 000,000,000 | ---D | M]

[2011/03/10 22:01:03 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2012/05/01 19:07:27 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\wjgvr0zx.default\extensions
[2011/10/28 01:40:12 | 000,000,000 | ---D | M] () -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\wjgvr0zx.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}
[2011/12/01 16:49:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/27 19:49:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/17 08:58:18 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2012/06/17 08:58:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012/06/17 08:58:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/08 21:51:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1121471191-4289625722-721728759-1002..\Run: [Akamai NetSession Interface] C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1121471191-4289625722-721728759-1002..\Run: [googletalk] C:\Users\Ben\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1121471191-4289625722-721728759-1002..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1121471191-4289625722-721728759-1002..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe File not found
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1121471191-4289625722-721728759-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1121471191-4289625722-721728759-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://kkvpnasa01.kkamerica.com/+CSCOL+/cscopf.cab (CISCO Portforwarder Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/07/08 22:44:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/08 22:14:47 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Malwarebytes
[2012/07/08 22:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/08 22:14:32 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/08 22:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/08 21:56:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/08 21:51:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/08 20:50:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/08 20:50:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/08 20:50:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/08 20:49:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/08 20:49:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/08 20:47:33 | 004,573,972 | R--- | C] (Swearware) -- C:\Users\Ben\Desktop\ComboFix.exe
[2012/07/08 18:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/08 18:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/08 18:00:16 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/08 17:53:31 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Windows Live
[2012/07/08 17:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012/07/08 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{368698C1-9B38-472D-9682-9834FB3D2740}
[2012/07/06 20:42:31 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Microsoft Games
[2012/07/04 19:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/04 19:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/04 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Xfire
[2012/07/04 14:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2012/07/04 14:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2012/07/04 14:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2012/07/04 14:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2012/07/01 17:24:20 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/28 18:38:10 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Diagnostics
[2012/06/28 18:28:59 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Razer
[2012/06/28 18:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/06/28 18:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012/06/22 20:49:15 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Funcom
[2012/06/22 19:36:01 | 000,000,000 | ---D | C] -- C:\dosprogs
[2012/06/22 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\DOSBox
[2012/06/22 19:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
[2012/06/22 19:29:01 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\AppClient
[2012/06/22 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Apps
[2012/06/22 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Deployment
[2012/06/17 08:58:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Macromedia
[2012/06/11 13:35:48 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.98.dll
[2012/06/11 12:19:58 | 000,532,992 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/06/11 12:19:14 | 000,239,616 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/06/11 12:17:56 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/06/11 12:17:42 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/08 22:28:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2012/07/08 22:27:45 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/08 22:27:45 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/08 22:24:51 | 000,795,812 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/08 22:24:51 | 000,671,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/08 22:24:51 | 000,126,262 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/08 22:20:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/08 22:20:27 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/08 22:14:33 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/08 22:12:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/08 21:51:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/08 21:00:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/08 20:47:50 | 004,573,972 | R--- | M] (Swearware) -- C:\Users\Ben\Desktop\ComboFix.exe
[2012/07/08 20:44:06 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2012/07/08 18:02:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/08 18:02:37 | 000,809,470 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/08 00:36:31 | 000,000,879 | ---- | M] () -- C:\Users\Ben\Desktop\Gw2 - Shortcut.lnk
[2012/07/04 14:08:40 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2012/07/04 14:07:44 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012/06/28 18:48:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/06/28 18:43:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/06/28 18:32:33 | 000,360,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/11 13:50:46 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2012/06/11 13:35:48 | 000,070,144 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.98.dll
[2012/06/11 12:26:12 | 000,263,840 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/06/11 12:26:12 | 000,263,840 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/06/11 12:19:58 | 000,532,992 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/06/11 12:19:14 | 000,239,616 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/06/11 12:17:56 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/06/11 12:17:42 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/06/11 11:50:16 | 002,936,864 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/06/11 11:41:48 | 002,971,136 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/08 22:14:33 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/08 20:50:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/08 20:50:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/08 20:50:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/08 20:50:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/08 20:50:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/08 20:44:06 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2012/07/08 00:36:31 | 000,000,879 | ---- | C] () -- C:\Users\Ben\Desktop\Gw2 - Shortcut.lnk
[2012/07/04 14:08:40 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2012/07/04 14:07:44 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012/06/28 18:48:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/06/28 18:43:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/06/23 08:40:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/11 13:50:46 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2012/06/11 12:26:12 | 000,263,840 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/06/11 12:26:12 | 000,263,840 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/06/11 11:50:16 | 002,936,864 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/06/11 11:41:48 | 002,971,136 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/05/02 21:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/02/01 19:47:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/14 16:30:20 | 000,007,488 | -HS- | C] () -- C:\Users\Ben\AppData\Local\smsmmm6e0ovs2txy7wni0i833o4a
[2011/12/14 16:30:20 | 000,007,488 | -HS- | C] () -- C:\ProgramData\smsmmm6e0ovs2txy7wni0i833o4a
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/01 18:24:42 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/05/01 18:24:42 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/05/01 18:24:40 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/01 18:24:40 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/01 18:24:39 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/10 22:32:27 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/28 16:09:57 | 000,809,470 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2011/12/07 18:49:15 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.minecraft
[2012/06/22 19:29:01 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\AppClient
[2011/07/06 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\AtomZombieData
[2012/03/27 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\BitTorrent
[2011/07/26 21:19:16 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Downloaded Installations
[2011/06/17 18:14:14 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Foxit Software
[2011/07/14 06:26:14 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\go
[2011/06/21 23:13:42 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Hi-Rez Studios
[2011/03/10 22:32:48 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\LolClient
[2012/05/31 21:03:58 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\LolClient2
[2011/03/19 23:27:55 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Mount&Blade Warband
[2011/05/02 21:34:14 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\OpenOffice.org
[2011/03/11 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Rift
[2012/02/20 22:03:55 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\RotMG.Production
[2012/01/28 12:32:35 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\runic games
[2009/07/14 00:08:49 | 000,025,048 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Ben\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Ben\Desktop\desktop.ini:gs5sys

< End of report >

 

[Jimmylegs]

Extras.txt:


OTL Extras logfile created on: 7/8/2012 10:29:43 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ben\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 85.00% Memory free
24.00 Gb Paging File | 22.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891.02 Gb Total Space | 613.73 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 0.02 Gb Free Space | 0.05% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1121471191-4289625722-721728759-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13EE03A3-7B77-47BC-9C42-B60576AB3A08}" = AMD System Monitor
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{48982DE3-0B85-7A9B-A147-B833D665C1F4}" = Application Profiles
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator XE
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67CA389E-E759-4181-99FA-CD8B63853FB1}" = Roxio Creator XE
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{73868DD9-CC9A-4F7F-B708-99F096DEAB6D}" = Adobe Shockwave Player 11.5
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{91311305-E6FC-958E-4AAC-D737C6F2A00E}" = Application Profiles
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{BE7E6C3D-A42B-4BA3-9767-124EB8ED27E3}" = LightScribe System Software
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2F5E467-570D-42F9-B524-89304092F90F}" = Torchlight 2 Beta
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Akamai" = Akamai NetSession Interface Service
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Diablo III" = Diablo III
"Foxit Reader_is1" = Foxit Reader 5.0
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.0.0
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"StarCraft II" = StarCraft II
"Steam App 102200" = Runespell: Overture
"Steam App 102600" = Orcs Must Die!
"Steam App 104700" = Super Monday Night Combat
"Steam App 105600" = Terraria
"Steam App 111400" = Bunch Of Heroes
"Steam App 113200" = The Binding Of Isaac
"Steam App 12140" = Max Payne
"Steam App 1250" = Killing Floor
"Steam App 17410" = Mirror's Edge
"Steam App 200210" = Realm of the Mad God
"Steam App 200900" = Cave Story+
"Steam App 207420" = Wizorb
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 21170" = Gotham City Impostors
"Steam App 220" = Half-Life 2
"Steam App 24200" = DC Universe Online
"Steam App 25980" = Majesty 2
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 41500" = Torchlight
"Steam App 41800" = Gratuitous Space Battles
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 48950" = Greed Corp
"Steam App 55040" = Atom Zombie Smasher
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 58520" = Blood Bowl: Legendary Edition
"Steam App 620" = Portal 2
"Steam App 65800" = Dungeon Defenders
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 8980" = Borderlands
"Steam App 91200" = Anomaly Warzone Earth
"Steam App 91310" = Dead Island
"Steam App 91600" = Sanctum
"Steam App 94200" = Jamestown
"Steam App 9880" = Champions Online: Free For All
"The Secret World_is1" = The Secret World
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1121471191-4289625722-721728759-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Akamai" = Akamai NetSession Interface
"Game Organizer" = EasyBits GO

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/1/2012 1:30:24 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/1/2012 8:01:57 PM | Computer Name = Ben-PC | Source = Windows Backup | ID = 4104
Description =

Error - 7/2/2012 1:17:22 AM | Computer Name = Ben-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: Flash64_11_3_300_257.ocx, version: 11.3.300.257,
time stamp: 0x4fc81d71 Exception code: 0xc0000005 Fault offset: 0x0000000000673b55
Faulting
process id: 0x2a78 Faulting application start time: 0x01cd5811d25d72f3 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash64_11_3_300_257.ocx
Report
Id: 33389c3d-c405-11e1-b270-bcaec5425bcb

Error - 7/2/2012 1:30:50 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/2/2012 3:54:26 AM | Computer Name = Ben-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: Flash64_11_3_300_257.ocx, version: 11.3.300.257,
time stamp: 0x4fc81d71 Exception code: 0xc0000005 Fault offset: 0x00000000005ea6c0
Faulting
process id: 0x269c Faulting application start time: 0x01cd58276a1ea65f Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash64_11_3_300_257.ocx
Report
Id: 245e1d9d-c41b-11e1-b270-bcaec5425bcb

Error - 7/2/2012 4:15:08 AM | Computer Name = Ben-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 8.0.7601.17824, time
stamp: 0x4f90f62a Exception code: 0xc0000005 Fault offset: 0x00000000003660d5 Faulting
process id: 0x17b8 Faulting application start time: 0x01cd582ab3ceb8b4 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: 08a33efa-c41e-11e1-b270-bcaec5425bcb

Error - 7/2/2012 10:13:01 PM | Computer Name = Ben-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 8.0.7601.17824, time
stamp: 0x4f90f62a Exception code: 0xc0000005 Fault offset: 0x0000000000276e1c Faulting
process id: 0x2410 Faulting application start time: 0x01cd58c11a855230 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: 9cc12147-c4b4-11e1-b270-bcaec5425bcb

Error - 7/3/2012 1:30:10 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/3/2012 6:30:27 AM | Computer Name = Ben-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: Flash64_11_3_300_257.ocx, version: 11.3.300.257,
time stamp: 0x4fc81d71 Exception code: 0xc0000005 Fault offset: 0x00000000001d1a52
Faulting
process id: 0x1c60 Faulting application start time: 0x01cd5906a816357e Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash64_11_3_300_257.ocx
Report
Id: 1a5bf031-c4fa-11e1-b270-bcaec5425bcb

Error - 7/4/2012 5:07:45 AM | Computer Name = Ben-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 8.0.7601.17824, time
stamp: 0x4f90f62a Exception code: 0xc0000005 Fault offset: 0x000000000004a632 Faulting
process id: 0x23a4 Faulting application start time: 0x01cd59c43e1579e0 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: b7306ba0-c5b7-11e1-b270-bcaec5425bcb

[ System Events ]
Error - 7/8/2012 10:00:11 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 7/8/2012 10:36:20 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 1000
milliseconds: Restart the service.

Error - 7/8/2012 10:48:13 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/8/2012 10:49:51 PM | Computer Name = Ben-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 7/8/2012 10:49:51 PM | Computer Name = Ben-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 7/8/2012 10:50:16 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/8/2012 10:51:27 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 7/8/2012 11:11:06 PM | Computer Name = Ben-PC | Source = DCOM | ID = 10005
Description =

Error - 7/8/2012 11:11:06 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 7/8/2012 11:11:06 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
  IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
  IE - HKU\S-1-5-21-1121471191-4289625722-721728759-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
  [2011/12/14 16:30:20 | 000,007,488 | -HS- | C] () -- C:\Users\Ben\AppData\Local\smsmmm6e0ovs2txy7wni0i833o4a
  [2011/12/14 16:30:20 | 000,007,488 | -HS- | C] () -- C:\ProgramData\smsmmm6e0ovs2txy7wni0i833o4a
  @Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
  @Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
  @Alternate Data Stream - 1536 bytes -> C:\Users\Ben\Documents\desktop.ini:gs5sys
  @Alternate Data Stream - 1536 bytes -> C:\Users\Ben\Desktop\desktop.ini:gs5sys
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

===============================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• 
  Alternate download: http://www.smartestcomputing.us.com/files/file/6-tfc/
• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Jimmylegs]

OTL log:

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1121471191-4289625722-721728759-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\Ben\AppData\Local\smsmmm6e0ovs2txy7wni0i833o4a moved successfully.
C:\ProgramData\smsmmm6e0ovs2txy7wni0i833o4a moved successfully.
ADS C:\ProgramData:gs5sys deleted successfully.
ADS C:\Users\Public\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\Users\Ben\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\Users\Ben\Desktop\desktop.ini:gs5sys deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ben
->Temp folder emptied: 19957132 bytes
->Temporary Internet Files folder emptied: 49384300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65332928 bytes
->Flash cache emptied: 80263 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-BEN-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 5927936 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 115695303 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 245.00 mb

Error: Unable to interpret <[emptyjava]> in the current context!

[EMPTYFLASH]

User: All Users

User: Ben
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-BEN-PC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 07082012_224335

Files\Folders moved on Reboot...
C:\Users\Ben\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

 

[Jimmylegs]

Security Check log:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 11.3.300.262
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

 

[Jimmylegs]

FSS log:

Farbar Service Scanner Version: 08-07-2012
Ran by Ben (administrator) on 08-07-2012 at 22:52:02
Running from "C:\Users\Ben\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Jimmylegs]

Alright - here is the ESET scanner log:

C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan
C:\FRST\Quarantine\{1849385f-42be-4b56-f349-2d86575857de}\n Win64/Sirefef.W trojan
C:\FRST\Quarantine\{1849385f-42be-4b56-f349-2d86575857de}\U\80000000.@ Win64/Sirefef.AL trojan
D:\BEN-PC\Backup Set 2011-11-06 190001\Backup Files 2011-11-06 190001\Backup files 4.zip multiple threats
D:\BEN-PC\Backup Set 2011-11-06 190001\Backup Files 2011-12-11 190002\Backup files 1.zip JS/Kryptik.ES trojan
D:\BEN-PC\Backup Set 2011-12-18 190001\Backup Files 2011-12-18 190001\Backup files 5.zip multiple threats

 

[Broni]

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

============================================

We have one registry key corrupted affecting Windows updates.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.

 

[Jimmylegs]

Here is the new FSS log:

Farbar Service Scanner Version: 08-07-2012
Ran by Ben (administrator) on 09-07-2012 at 00:58:32
Running from "C:\Users\Ben\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Broni]

Some services are still not running.

Download Windows Repair (all in one) from this site

Install the program then run

Go to step 2 and allow it to run Disc check

Once that is done then go to step 3 and allow it to run SFC

On the the Start Repairs tab click Start button.

Please ensure that items seen in the image below are ticked as indicated:

Click on box next to the Restart System when Finished. Then click on Start

Post new FSS log.

 

[Jimmylegs]

I did the steps outlined - here is the new FSS Scan:

Farbar Service Scanner Version: 08-07-2012
Ran by Ben (administrator) on 09-07-2012 at 18:56:59
Running from "C:\Users\Ben\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****