Yet another Win64.sirefef._ _ Trojan help request ...

Solved
By LA_Kings_Fan
Aug 3, 2012
  1. Hello,

    Well I picked up Win64/Sirefef on my back up machine recently ... everything was fine, I had NORTON 360 5.0 on the machine, and didn't think Norton was at all bad ... but the yearly service subscription ran out and I got cheap, took Norton off and went to Microsoft Security Essentials. Within a week I noticed the web ad redirection symptom, but didn't know at the time what was going on or causing it ... a week later the Fake AV warnings would pop up and MSE would try to clean it and the system would get stuck in that god awful reboot loop, not allowing me to do anything with the machine.
    I picked up KASPERSKY PURE 2.0 and its RESCUE DISC helped get rid of the Win64/Sirefef crap or so I thought ? BUT ... I couldn't seem to properly and completely remove MSE and replace it with Kaspersky PURE, bits of MSE remained after an uninstall and my system would give me errors saying it couldn't install Kaspersky ? OK, so I figured maybe MSE didn't UNINSTALL properly, let's reinstall it again and see if I can uninstall it 100% ... well during reinstall, guess who's back ... YEP ... Win64/Sirefef !

    I would very very much appreciate help with this. I think I have / had AT LEAST the following on my computer ...
    - Trojan:Win64/sirefef.ab
    - Trojan:Win64/sirefef.m
    - Trojan:Win64/sirefef.w
    - confsrv.dll
    Also Windows firewall didn't seem to want to turn on, windows update doesn't seem to want to turn on, and I got an error code 0x80070002 .
    Thank you very much
    - Ash {LA_Kings_Fan}

    NOTE: Specs for the infected machine should be in my TechSpot profile if needed.
  2. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================

    I don't know if I should help you because I'm Sharks fan :)
    ...just kidding....LOL

    What Windows version is it?
  3. LA_Kings_Fan

    Thank you for getting back to me :) since you're a Sharks fan I hope you know more about computers than Hockey :p j/k ;)

    The infected computer has MS WINDOWS VISTA Home Premium 64 bit SP2 installed on it ... I never got around to doing the WIN 7 upgrade on that machine yet.

    The Infected computer Spec's
    PC name: HP Back Up Rig
    CPU: Q9650 Yorkfield Quad-Core
    Motherboard, Memory: Asus IPIBL-LB (HP Benicia-GL8E) , 8 GB G. Skill Pi Black DDR2
    Graphics: XFX HD Radeon 5770 OC'd
    Storage: SeaGate Barracuda 1TB 32MB Cache
    Case, cooling: HP Pavilion , Coolermaster GeminII S
    Other Peripherals: HP - DVD/CD combo, HP PS2 Keyboard & Mouse, HP w2207h Widescreen, ZUMAX X2 ZU-500 PSU
    Operating System: MS Vista Home Premium 64 bit


    I have an additional 2nd computer I can use with MS WIN 7 PRO 64 Bit SP1 as well, if needed.

    Thanks again,
    - Ash
  4. Broni

    That gives you 10 minutes penalty and game misconduct....LOL

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
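
An added example, not part of the original thread and not code from the FRST project: a small triage pass over an FRST.txt log of the kind requested above, which parses each file entry and lists items a reviewer would look at first when checking `services.exe`. The sample log is constructed, and the three review rules, the `Entry` fields and the reading of the two date columns (first column is the date the section is sorted on) are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of an FRST.txt log (not real scan data).
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool Version: 04-08-2012
Running from L:\
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

============ One Month Created Files and Folders ==============
2012-08-01 11:21 - 2012-08-01 11:21 - 00000000 ____D C:\Users\Example User (Admin.)\AppData\Local\Temp
2012-07-31 16:20 - 2012-07-31 16:20 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0123456789ABCDEF
2012-07-23 17:27 - 2012-07-23 17:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-10 16:11 - 2012-06-13 06:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

============ 3 Months Modified Files ========================
2012-08-01 11:54 - 2011-05-30 01:31 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-11 09:26 - 2012-06-11 09:26 - 00041984 ____A (Example Vendor, Inc. ) C:\Windows\System32\example.dll
"""

# date - date - size - 5 attribute flags - optional "(company)" - full path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
UNEXPANDED_VAR_RE = re.compile(r"%[A-Za-z_]+%")

# Assumption: only the binary this thread is checking; extend as needed.
CORE_BINARIES = ("services.exe",)


@dataclass
class Entry:
    section: str            # log section the line appeared under
    first: str              # first timestamp column
    second: str             # second timestamp column
    size: int               # size in bytes
    attrs: str              # attribute flags, e.g. "__SHD"
    company: Optional[str]  # version-info company name, if the log shows one
    path: str


def parse_log(text):
    """Return (header warnings, parsed file entries) from FRST.txt text."""
    warnings, entries, section = [], [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            first, second, size, attrs, company, path = m.groups()
            entries.append(Entry(section, first, second, int(size), attrs,
                                 company.strip() if company else None, path))
        elif line.upper().startswith("ATTENTION"):
            # e.g. the scan was run inside the live OS, so results are less reliable
            warnings.append(line)
    return warnings, entries


def triage(entries):
    """Return (reason, path) review items; these are leads, not verdicts."""
    findings = []
    for e in entries:
        parent, _, name = e.path.rpartition("\\")
        lower = name.lower()
        in_system32 = parent.lower().endswith("\\windows\\system32")
        for core in CORE_BINARIES:
            if in_system32 and lower.startswith(core + "."):
                # extra file named like a core binary plus a suffix
                findings.append(("suffixed-copy-of-core-binary", e.path))
            elif (in_system32 and lower == core and "Modified" in e.section
                  and e.first[:10] != e.second[:10]):
                # core binary whose two dates fall on different days
                findings.append(("core-binary-modified-after-creation", e.path))
        if "D" in e.attrs and UNEXPANDED_VAR_RE.search(name):
            # directory literally named after an environment variable
            findings.append(("unexpanded-variable-directory", e.path))
    return findings


if __name__ == "__main__":
    warnings, entries = parse_log(SAMPLE_LOG)
    for w in warnings:
        print("LOG WARNING:", w)
    for reason, path in triage(entries):
        print(f"REVIEW {reason}: {path}")
```
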
  5. LA_Kings_Fan

    :confused: Not sure I did this right ? as my On Screen Options looked different, most likely due to the HP Recovery interface ? But ....

    ======================================================================================

    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012
    Ran by ASHLEY (Admin.) at 04-08-2012 12:12:03
    Running from L:\
    Service Pack 2 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

    ============ One Month Created Files and Folders ==============
    2012-08-04 11:23 - 2012-08-04 11:23 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{9B005808-7F1A-4AD4-9C0A-B1675E9CAEB9}
    2012-08-04 11:23 - 2012-08-04 11:23 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{3EB8D702-85AD-46F3-88A7-A8E8A8B126DA}
    2012-08-01 11:52 - 2012-08-02 23:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-08-01 11:26 - 2012-08-01 11:26 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Roaming\HP SureStore Application
    2012-08-01 11:26 - 2012-08-01 11:26 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Roaming\ArcSoft
    2012-08-01 11:26 - 2012-08-01 11:26 - 00000000 ____D C:\Users\All Users\ArcSoft
    2012-08-01 11:21 - 2012-08-01 11:21 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{A6AF5BF9-6707-4DED-97EF-CF9AAB9832BF}
    2012-08-01 11:21 - 2012-08-01 11:21 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{94812D0B-6621-483D-A6E0-E35A52B5C99B}
    2012-07-31 22:31 - 2012-07-31 22:31 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{58267674-092A-4BB6-9032-424BC63A3B6A}
    2012-07-31 22:30 - 2012-07-31 22:31 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{94890400-CF65-4C64-A61D-58BB9E5E573E}
    2012-07-31 16:20 - 2012-07-31 16:20 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66B0882324E49333
    2012-07-24 13:14 - 2012-07-24 13:14 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B538F0C523042A7
    2012-07-24 13:05 - 2012-08-02 23:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-24 11:30 - 2012-07-24 11:30 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{0F20805B-9FF8-4850-88AE-B00C7AFE78B3}
    2012-07-24 11:29 - 2012-07-24 11:30 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{EE295C1E-2E47-413F-82D4-9CED7B7F6F6B}
    2012-07-23 22:36 - 2012-07-23 22:36 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{FA0B1081-8AC9-40DA-AA03-1BC72209822C}
    2012-07-23 22:36 - 2012-07-23 22:36 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{2D584ED4-11CC-40AF-81DA-CED0A4F49232}
    2012-07-23 17:27 - 2012-07-23 17:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-23 10:36 - 2012-07-23 10:36 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{7DBBA6C0-8C59-4A4F-890F-DC0FA1CB8184}
    2012-07-23 10:36 - 2012-07-23 10:36 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{2166DEF6-427E-46AF-8A53-9093F51600A9}
    2012-07-22 15:58 - 2012-07-22 15:58 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{94136B68-A232-4425-8DCF-0FC063B58CFC}
    2012-07-22 15:58 - 2012-07-22 15:58 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{09D79907-F950-4A59-8427-BEBBE47D8C5D}
    2012-07-21 12:13 - 2012-07-21 12:13 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C3373312-9AF6-4CD7-B855-B62F39C53169}
    2012-07-21 12:12 - 2012-07-21 12:13 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{029DCE34-387A-4240-A9B6-AAF602301ADA}
    2012-07-21 00:06 - 2012-07-21 00:06 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{EFF080B6-F853-4CCF-9EDE-C5AA8E15365B}
    2012-07-21 00:06 - 2012-07-21 00:06 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{EB905DE6-813E-41E2-BFB2-FABF673B3728}
    2012-07-20 12:05 - 2012-07-20 12:06 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{72498C43-3BCF-491F-A399-E8B18DD23E99}
    2012-07-20 12:05 - 2012-07-20 12:05 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{9E8F8BFF-EDE6-47DC-BAD7-170B52E38024}
    2012-07-19 12:58 - 2012-07-19 12:58 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E4E0279D-5940-4510-972D-0DBA4ECB9045}
    2012-07-19 12:58 - 2012-07-19 12:58 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{6CF47B3D-F7F5-4D3E-ACB0-0BF63D1FDEF4}
    2012-07-18 13:25 - 2012-07-18 13:25 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E1EA2E56-2E1A-4D79-A95E-65D8E6C9B34F}
    2012-07-18 13:24 - 2012-07-18 13:24 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{15612DD5-FAAB-4F5E-83E6-9F95F95810F2}
    2012-07-17 12:49 - 2012-07-17 12:49 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E1031043-1914-4F3D-BA69-5B020D9AF557}
    2012-07-17 12:49 - 2012-07-17 12:49 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C876F9DA-E585-4EA1-AC27-714ACF2F9BEC}
    2012-07-16 20:50 - 2012-07-16 20:50 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{EAA304DC-34F1-4236-8872-5F38ED30F235}
    2012-07-16 20:50 - 2012-07-16 20:50 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C145CDD4-50C4-422E-9D5D-5604CA2795CC}
    2012-07-15 14:09 - 2012-07-15 14:09 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{857EB0B0-C936-4CC8-AF2C-57C18333AEBC}
    2012-07-15 14:09 - 2012-07-15 14:09 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{47B25E66-AD4B-44B0-8662-5F427453B9DF}
    2012-07-15 02:05 - 2012-07-15 02:05 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{9B17D21E-660B-48E6-BE0B-03543A240552}
    2012-07-15 02:05 - 2012-07-15 02:05 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{1309ECF8-63B6-441B-92C4-363C0835E67D}
    2012-07-14 14:53 - 2012-07-14 14:53 - 00001843 ____A C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk
    2012-07-14 14:52 - 2012-01-31 05:44 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-07-14 14:40 - 2012-08-02 23:05 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-14 14:39 - 2012-08-01 11:52 - 00721626 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-14 14:38 - 2010-04-06 01:34 - 00345984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-07-14 14:04 - 2012-07-14 14:04 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C8D8D554-703E-456B-A29D-DA8D9E6D8E25}
    2012-07-14 14:04 - 2012-07-14 14:04 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{B2DBB110-BEA7-4CFE-AB0E-7B4CFE970EC8}
    2012-07-13 14:01 - 2012-07-13 14:01 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{A3CF672B-2FE8-45D9-9970-78A9E192762C}
    2012-07-13 14:00 - 2012-07-13 14:01 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C59658A6-A670-418B-84AF-59652EF2B287}
    2012-07-12 14:14 - 2012-07-12 14:14 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{37057AD5-A2C9-44A9-828E-631B02759C8A}
    2012-07-12 14:14 - 2012-07-12 14:14 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{0194D104-4EAC-4838-89CE-FAC4273BCA18}
    2012-07-11 18:16 - 2012-08-01 11:21 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000UA.job
    2012-07-11 18:16 - 2012-07-23 20:21 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000Core.job
    2012-07-11 18:16 - 2012-07-11 18:16 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\Deployment
    2012-07-11 18:16 - 2012-07-11 18:16 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\Apps\2.0
    2012-07-11 13:52 - 2012-07-23 17:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-11 13:49 - 2012-07-11 13:50 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{DC17E996-2F0E-43DE-9FE9-EE0998BC0B22}
    2012-07-11 13:49 - 2012-07-11 13:49 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E64575BC-10A4-4D74-B3A6-44FF3B672126}
    2012-07-10 16:11 - 2012-06-13 06:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 16:11 - 2012-06-02 05:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-10 16:11 - 2012-06-02 05:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-10 16:11 - 2012-06-02 05:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-10 16:11 - 2012-06-02 05:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-10 16:11 - 2012-06-02 05:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-10 16:11 - 2012-06-02 05:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-10 16:11 - 2012-06-02 05:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-10 16:11 - 2012-06-02 05:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-10 16:11 - 2012-06-02 05:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-10 16:11 - 2012-06-02 05:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-10 16:11 - 2012-06-02 04:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-10 16:11 - 2012-06-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-10 16:11 - 2012-06-02 04:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-10 16:11 - 2012-06-02 04:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-10 16:11 - 2012-06-02 02:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-10 16:11 - 2012-06-02 01:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-10 16:11 - 2012-06-02 01:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-10 16:11 - 2012-06-02 01:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-10 16:11 - 2012-06-02 01:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-10 16:11 - 2012-06-02 01:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-10 16:11 - 2012-06-02 01:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-10 16:11 - 2012-06-02 01:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-10 16:11 - 2012-06-02 01:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-10 16:11 - 2012-06-02 01:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-10 16:11 - 2012-06-02 01:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-10 16:11 - 2012-06-02 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-10 16:11 - 2012-06-02 01:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-10 16:11 - 2012-06-02 01:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-10 14:21 - 2012-07-10 14:22 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{27E22EFD-32B6-40F7-92C4-6A953A242AE0}
    2012-07-10 14:21 - 2012-07-10 14:21 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{3977B127-5EC0-46E9-A4C7-34464146B8D6}
    2012-07-10 14:14 - 2012-06-05 09:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 14:14 - 2012-06-05 09:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 14:14 - 2012-06-05 09:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 14:14 - 2012-06-05 09:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 14:13 - 2012-06-08 10:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 14:13 - 2012-06-08 10:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 14:13 - 2012-06-04 08:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 14:13 - 2012-06-01 17:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 14:13 - 2012-06-01 17:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 14:13 - 2012-06-01 17:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 14:13 - 2012-06-01 17:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 14:13 - 2012-06-01 17:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-09 16:17 - 2012-07-09 16:17 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{900FC53F-0B1F-49CF-BB3F-FE8CF7BF4F74}
    2012-07-09 16:16 - 2012-07-09 16:17 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C994C016-79EE-475D-B92E-82DCD667D559}
    2012-07-08 14:29 - 2012-07-08 14:29 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{ED8EEE19-097D-4F2C-8B52-4FE257CCD8F2}
    2012-07-08 14:29 - 2012-07-08 14:29 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E0CAE462-3E72-4727-8488-B9993E968A41}
    2012-07-08 02:28 - 2012-07-08 02:29 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{D5DEEB99-9D6C-4C33-8E04-F878289235E1}
    2012-07-08 02:28 - 2012-07-08 02:28 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{437EE68A-8444-4F4B-B440-9C87B6A983D4}
    2012-07-07 14:28 - 2012-07-07 14:28 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{FC0BA4D2-51E9-4ADE-B85A-1956E48E67D9}
    2012-07-07 14:28 - 2012-07-07 14:28 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E8368123-37E4-4411-BA09-793E29BDB954}
    2012-07-06 13:37 - 2012-07-06 13:37 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{1DB41713-45BE-4133-A2DB-BAA839C9A898}
    2012-07-06 13:37 - 2012-07-06 13:37 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{1AEEC4E4-FCCB-4BD7-B7DA-865413CC0697}
    2012-07-05 14:23 - 2012-07-05 14:23 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{222CFE21-0A23-424E-8566-B6316D0DA406}
    2012-07-05 14:22 - 2012-07-05 14:22 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{DAEE5B74-A6BD-42F1-9B31-2D32EEEB1B28}
    2012-07-05 02:21 - 2012-07-05 02:21 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{29F53F05-05B6-4F1F-A94C-BCD164687240}
    2012-07-05 02:21 - 2012-07-05 02:21 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{0C9FCF25-2D82-4B23-A43C-63A81657E5FB}

    ============ 3 Months Modified Files ========================
    2012-08-04 12:11 - 2006-11-02 05:46 - 00706778 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-04 11:59 - 2006-11-02 08:42 - 00032536 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-04 11:59 - 2006-11-02 08:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-04 11:59 - 2006-11-02 08:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-04 11:59 - 2006-11-02 08:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-04 11:57 - 2006-11-02 08:27 - 00121815 ____A C:\Windows\setupact.log
    2012-08-04 11:22 - 2012-04-07 12:28 - 00006944 ____A C:\Users\ASHLEY (Admin.)\AppData\Local\d3d9caps.dat
    2012-08-02 23:05 - 2012-07-14 14:40 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-01 11:54 - 2011-05-30 01:31 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-01 11:53 - 2008-01-20 18:53 - 02092781 ____A C:\Windows\WindowsUpdate.log
    2012-08-01 11:52 - 2012-07-14 14:39 - 00721626 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-01 11:21 - 2012-07-11 18:16 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000UA.job
    2012-07-31 16:20 - 2012-07-31 16:20 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66B0882324E49333
    2012-07-24 13:14 - 2012-07-24 13:14 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B538F0C523042A7
    2012-07-24 12:05 - 2011-05-31 22:54 - 00282472 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-24 12:05 - 2011-05-30 16:15 - 00282472 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-24 12:05 - 2011-05-30 16:15 - 00103736 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-23 20:21 - 2012-07-11 18:16 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000Core.job
    2012-07-23 17:24 - 2012-07-11 13:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-23 17:24 - 2011-05-31 19:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-18 18:09 - 2011-05-30 01:01 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-07-14 14:53 - 2012-07-14 14:53 - 00001843 ____A C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk
    2012-07-14 14:34 - 2008-01-20 20:26 - 01184644 ____A C:\Windows\PFRO.log
    2012-07-11 01:29 - 2011-05-30 13:00 - 00011872 ____A C:\Users\ASHLEY (Admin.)\AppData\Roaming\wklnhst.dat
    2012-07-10 21:02 - 2006-11-02 08:21 - 00399744 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-10 16:13 - 2006-11-02 05:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-06-25 17:58 - 2011-07-06 17:11 - 00000725 ____A C:\Users\ASHLEY (Admin.)\Desktop\Ventrilo.lnk
    2012-06-25 17:58 - 2011-06-26 17:38 - 00000989 ____A C:\Users\ASHLEY (Admin.)\Desktop\Core Temp.lnk
    2012-06-15 18:12 - 2012-06-15 18:12 - 00000221 ____A C:\Users\ASHLEY (Admin.)\Desktop\CoD Modern Warfare 2.url
    2012-06-13 06:58 - 2012-07-10 16:11 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 13:50 - 2012-06-11 13:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-06-11 13:50 - 2012-06-11 13:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 13:50 - 2012-06-11 13:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-06-11 13:50 - 2012-06-11 13:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-06-11 13:50 - 2012-06-11 13:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-06-11 13:50 - 2012-06-11 13:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-06-11 13:49 - 2012-06-11 13:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-06-11 11:59 - 2012-06-11 11:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-06-11 11:35 - 2012-06-11 11:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
    2012-06-11 11:29 - 2012-06-11 11:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-06-11 11:00 - 2012-06-11 11:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-06-11 10:26 - 2012-06-11 10:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-06-11 10:26 - 2012-06-11 10:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
    2012-06-11 10:25 - 2012-06-11 10:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-06-11 10:24 - 2011-04-19 19:09 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-06-11 10:23 - 2011-04-19 19:07 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-06-11 10:20 - 2012-06-11 10:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 10:19 - 2012-06-11 10:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-06-11 10:19 - 2012-06-11 10:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-06-11 10:17 - 2012-06-11 10:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-06-11 10:17 - 2012-06-11 10:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-06-11 10:17 - 2012-06-11 10:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-06-11 10:17 - 2012-06-11 10:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-06-11 10:16 - 2011-04-19 18:59 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-06-11 10:01 - 2012-06-11 10:01 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-06-11 09:51 - 2011-04-19 18:40 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-06-11 09:50 - 2012-06-11 09:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
    2012-06-11 09:45 - 2012-06-11 09:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-06-11 09:45 - 2012-06-11 09:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-06-11 09:45 - 2012-06-11 09:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-06-11 09:45 - 2012-06-11 09:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-06-11 09:45 - 2012-06-11 09:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-06-11 09:45 - 2012-04-05 18:34 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-06-11 09:43 - 2012-04-05 18:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-06-11 09:41 - 2012-06-11 09:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-06-11 09:40 - 2012-06-11 09:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-06-11 09:36 - 2011-04-19 18:31 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-06-11 09:27 - 2012-06-11 09:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-06-11 09:26 - 2012-06-11 09:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-06-11 09:25 - 2012-06-11 09:25 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-06-11 09:25 - 2011-04-19 18:21 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-06-11 09:25 - 2011-04-19 18:21 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-06-11 09:24 - 2012-06-11 09:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-06-11 09:24 - 2011-04-19 18:21 - 00045056 ____A C:\Windows\System32\atitmp64.dll
    2012-06-11 09:24 - 2011-04-19 18:21 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-06-11 09:23 - 2012-06-11 09:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-06-11 09:23 - 2012-06-11 09:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-06-11 09:23 - 2012-06-11 09:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-06-11 09:23 - 2012-06-11 09:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-06-08 10:59 - 2012-07-10 14:13 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 10:47 - 2012-07-10 14:13 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 09:47 - 2012-07-10 14:14 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 09:47 - 2012-07-10 14:14 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 09:22 - 2012-07-10 14:14 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 09:22 - 2012-07-10 14:14 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-04 08:29 - 2012-07-10 14:13 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-02 15:19 - 2012-06-21 13:58 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 15:19 - 2012-06-21 13:58 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 15:19 - 2012-06-21 13:58 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-02 15:19 - 2012-06-21 13:58 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 15:19 - 2012-06-21 13:58 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 15:19 - 2012-06-21 13:58 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 15:19 - 2012-06-21 13:58 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-02 15:19 - 2012-06-21 13:57 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 15:19 - 2012-06-21 13:57 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-02 15:15 - 2012-06-21 13:58 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 15:15 - 2012-06-21 13:58 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 15:15 - 2012-06-21 13:57 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 15:12 - 2012-06-21 13:58 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-02 15:12 - 2012-06-21 13:57 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-06-02 05:49 - 2012-07-10 16:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 05:17 - 2012-07-10 16:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 05:12 - 2012-07-10 16:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 05:05 - 2012-07-10 16:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 05:05 - 2012-07-10 16:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 05:04 - 2012-07-10 16:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 05:04 - 2012-07-10 16:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 05:03 - 2012-07-10 16:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 05:01 - 2012-07-10 16:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 05:00 - 2012-07-10 16:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 04:59 - 2012-07-10 16:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 04:57 - 2012-07-10 16:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 04:57 - 2012-07-10 16:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 04:54 - 2012-07-10 16:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 02:07 - 2012-07-10 16:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 01:43 - 2012-07-10 16:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 01:33 - 2012-07-10 16:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 01:26 - 2012-07-10 16:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 01:25 - 2012-07-10 16:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 01:25 - 2012-07-10 16:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 01:23 - 2012-07-10 16:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 01:21 - 2012-07-10 16:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 01:20 - 2012-07-10 16:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 01:19 - 2012-07-10 16:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 01:19 - 2012-07-10 16:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 01:17 - 2012-07-10 16:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 01:16 - 2012-07-10 16:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 01:14 - 2012-07-10 16:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 17:22 - 2012-07-10 14:13 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 17:22 - 2012-07-10 14:13 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 17:05 - 2012-07-10 14:13 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 17:04 - 2012-07-10 14:13 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 17:03 - 2012-07-10 14:13 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-05-14 20:50 - 2011-05-30 16:15 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

    ZeroAccess:
    C:\Windows\Installer\{cf356453-a252-f537-e20a-e90f9e60ff33}
    C:\Windows\Installer\{cf356453-a252-f537-e20a-e90f9e60ff33}\@
    C:\Windows\Installer\{cf356453-a252-f537-e20a-e90f9e60ff33}\L
    C:\Windows\Installer\{cf356453-a252-f537-e20a-e90f9e60ff33}\U
    C:\Windows\Installer\{cf356453-a252-f537-e20a-e90f9e60ff33}\U\00000001.@
    ZeroAccess:
    C:\Users\ASHLEY (Admin.)\AppData\Local\{cf356453-a252-f537-e20a-e90f9e60ff33}
    C:\Users\ASHLEY (Admin.)\AppData\Local\{cf356453-a252-f537-e20a-e90f9e60ff33}\@
    C:\Users\ASHLEY (Admin.)\AppData\Local\{cf356453-a252-f537-e20a-e90f9e60ff33}\L
    C:\Users\ASHLEY (Admin.)\AppData\Local\{cf356453-a252-f537-e20a-e90f9e60ff33}\U
    C:\Users\ASHLEY (Admin.)\AppData\Local\{cf356453-a252-f537-e20a-e90f9e60ff33}\U\00000001.@
    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2011-05-30 01:31] - [2012-08-01 11:54] - 0384512 ____A (Microsoft Corporation) E2D076F2C1239AA6C7412BA6B8B1DE4E
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ========================= Memory info ======================
    Percentage of memory in use: 8%
    Total physical RAM: 8190.33 MB
    Available physical RAM: 7505.63 MB
    Total Pagefile: 16431.67 MB
    Available Pagefile: 15969.33 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB
    ======================= Partitions =========================
    1 Drive c: (HP - Seagate 1 TB) (Fixed) (Total:918.53 GB) (Free:632.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.98 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (HP - Seagate 500 GB) (Fixed) (Total:456.52 GB) (Free:356.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    8 Drive j: (FACTORY_IMAGE) (Fixed) (Total:9.24 GB) (Free:1.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    10 Drive l: (CORSAIR) (Removable) (Total:30.24 GB) (Free:30.24 GB) FAT32
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 932 GB 0 B
    Disk 1 Online 466 GB 0 B
    Disk 2 Online 30 GB 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 919 GB 32 KB
    Partition 2 Primary 13 GB 919 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C HP - Seagat NTFS Partition 919 GB Healthy Boot
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D FACTORY_IMA NTFS Partition 13 GB Healthy System (partition with boot components)
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 457 GB 32 KB
    Partition 2 Primary 9 GB 457 GB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E HP - Seagat NTFS Partition 457 GB Healthy
    ==================================================================================
    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 J FACTORY_IMA NTFS Partition 9 GB Healthy
    ==================================================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 30 GB 1024 KB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 L CORSAIR FAT32 Removable 30 GB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-08-04 11:27
    ======================= End Of Log ==========================
  6. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    and ...

    ==============================

    Farbar Recovery Scan Tool Version: 04-08-2012
    Ran by ASHLEY (Admin.) at 2012-08-04 12:15:07
    Running from L:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2011-05-30 01:31] - [2009-04-10 23:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 19:50] - [2008-01-20 19:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2011-05-30 01:31] - [2009-04-11 00:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 19:49] - [2008-01-20 19:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
    C:\Windows\SysWOW64\services.exe
    [2011-05-30 01:31] - [2009-04-10 23:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\System32\services.exe
    [2011-05-30 01:31] - [2012-08-01 11:54] - 0384512 ____A (Microsoft Corporation) E2D076F2C1239AA6C7412BA6B8B1DE4E
    ====== End Of Search ======
  7. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    That's not right.
    You ran the tool from within Windows.
    Please re-read my instructions.
  8. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    Hmmmm ... I'm working on trying to figure this out, as I said my screens looked different than what you described ...
    I hope I'm not hosed :confused: by the fact that I may have a proprietary HP Recovery Manager version of Windows Vista ?
    Doing more looking on the net and will post back on Sunday one way or another.

    I don't have this ....

    [​IMG]

    I got more this ....

    [​IMG]
  9. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    You'll need Vista DVD to use second option:
    To enter System Recovery Options by using Windows installation disc:
  10. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    Great ... I'm hosed :oops: , HP only provided its own proprietary version of Windows Vista Recovery Discs, which leads me right back to that HP Total Care screen above ... I don't have a "MICROSOFT" version CD/DVD of Vista, as HP doesn't provide that when you buy their desktops.

    I guess let me see what I can find for a VISTA Disc on Amazon, and get back to you ? :confused:
  11. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    I'll PM you...
  12. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    OK :p let's try this again shall we ...

    FRST FILE -
    ========================================================================================

    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012
    Ran by SYSTEM at 05-08-2012 19:59:12
    Running from J:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [153624 2008-09-23] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [225816 2008-09-23] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [199704 2008-09-23] (Intel Corporation)
    HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
    HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [182808 2008-10-06] (Intel Corporation)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-09-11] (CyberLink Corp.)
    HKLM-x32\...\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [1152296 2008-10-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [189736 2008-10-17] (CyberLink)
    HKLM-x32\...\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-09-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Gaming Mouse Hid] "C:\Program Files (x86)\Gaming Mouse\hid.exe" [428544 2010-01-19] ()
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [Spawn Gaming Mouse] "C:\Program Files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe" [135168 2010-12-15] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKU\ASHLEY (Admin.)\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\ASHLEY (Admin.)\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
    HKU\ASHLEY (Admin.)\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\ASHLEY (Admin.)\...\Run: [Google Update] "C:\Users\ASHLEY (Admin.)\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-11] (Google Inc.)
    HKU\ASHLEY (Admin.)\...\Run: [MusicManager] "C:\Users\ASHLEY (Admin.)\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806592 2012-06-01] (Google Inc.)
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
    HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
    HKU\UpdatusUser.MOMS-COMPUTER\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\UpdatusUser.MOMS-COMPUTER\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    ==================== Services (Whitelisted) ======
    4 GameConsoleService; "C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe" [165416 2008-05-05] (WildTangent, Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-14] ()
    2 XAudioService; C:\Windows\System32\DRIVERS\xaudio64.exe work [434688 2008-09-04] (Conexant Systems, Inc.)
    ========================== Drivers (Whitelisted) =============
    3 AsusgmsFltr; C:\Windows\System32\drivers\Asusgms.sys [11520 2010-01-11] (Primax Ltd)
    3 CAXHWBS2; C:\Windows\System32\Drivers\CAXHWBS2.sys [411136 2008-09-10] (Conexant Systems, Inc.)
    3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1486336 2008-09-10] (Conexant Systems, Inc.)
    3 Ps2; C:\Windows\System32\Drivers\Ps2.sys [21504 2006-09-07] ()
    3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [89600 2007-02-12] (Prolific Technology Inc.)
    2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-08-05 11:40 - 2012-08-05 11:40 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{A62A8ADD-21C2-4956-AEF2-97643F94EF79}
    2012-08-04 11:11 - 2012-08-04 11:12 - 00000000 ____D C:\FRST
    2012-08-04 10:23 - 2012-08-04 10:23 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{9B005808-7F1A-4AD4-9C0A-B1675E9CAEB9}
    2012-08-04 10:23 - 2012-08-04 10:23 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{3EB8D702-85AD-46F3-88A7-A8E8A8B126DA}
    2012-08-01 10:52 - 2012-08-02 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-08-01 10:26 - 2012-08-01 10:26 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Roaming\HP SureStore Application
    2012-08-01 10:26 - 2012-08-01 10:26 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Roaming\ArcSoft
    2012-08-01 10:26 - 2012-08-01 10:26 - 00000000 ____D C:\Users\All Users\ArcSoft
    2012-08-01 10:21 - 2012-08-01 10:21 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{A6AF5BF9-6707-4DED-97EF-CF9AAB9832BF}
    2012-08-01 10:21 - 2012-08-01 10:21 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{94812D0B-6621-483D-A6E0-E35A52B5C99B}
    2012-07-31 21:31 - 2012-07-31 21:31 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{58267674-092A-4BB6-9032-424BC63A3B6A}
    2012-07-31 21:30 - 2012-07-31 21:31 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{94890400-CF65-4C64-A61D-58BB9E5E573E}
    2012-07-31 15:20 - 2012-07-31 15:20 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66B0882324E49333
    2012-07-24 12:14 - 2012-07-24 12:14 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B538F0C523042A7
    2012-07-24 12:05 - 2012-08-02 22:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-24 10:30 - 2012-07-24 10:30 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{0F20805B-9FF8-4850-88AE-B00C7AFE78B3}
    2012-07-24 10:29 - 2012-07-24 10:30 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{EE295C1E-2E47-413F-82D4-9CED7B7F6F6B}
    2012-07-23 21:36 - 2012-07-23 21:36 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{FA0B1081-8AC9-40DA-AA03-1BC72209822C}
    2012-07-23 21:36 - 2012-07-23 21:36 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{2D584ED4-11CC-40AF-81DA-CED0A4F49232}
    2012-07-23 16:27 - 2012-07-23 16:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-23 09:36 - 2012-07-23 09:36 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{7DBBA6C0-8C59-4A4F-890F-DC0FA1CB8184}
    2012-07-23 09:36 - 2012-07-23 09:36 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{2166DEF6-427E-46AF-8A53-9093F51600A9}
    2012-07-22 14:58 - 2012-07-22 14:58 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{94136B68-A232-4425-8DCF-0FC063B58CFC}
    2012-07-22 14:58 - 2012-07-22 14:58 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{09D79907-F950-4A59-8427-BEBBE47D8C5D}
    2012-07-21 11:13 - 2012-07-21 11:13 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C3373312-9AF6-4CD7-B855-B62F39C53169}
    2012-07-21 11:12 - 2012-07-21 11:13 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{029DCE34-387A-4240-A9B6-AAF602301ADA}
    2012-07-20 23:06 - 2012-07-20 23:06 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{EFF080B6-F853-4CCF-9EDE-C5AA8E15365B}
    2012-07-20 23:06 - 2012-07-20 23:06 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{EB905DE6-813E-41E2-BFB2-FABF673B3728}
    2012-07-20 11:05 - 2012-07-20 11:06 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{72498C43-3BCF-491F-A399-E8B18DD23E99}
    2012-07-20 11:05 - 2012-07-20 11:05 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{9E8F8BFF-EDE6-47DC-BAD7-170B52E38024}
    2012-07-19 11:58 - 2012-07-19 11:58 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E4E0279D-5940-4510-972D-0DBA4ECB9045}
    2012-07-19 11:58 - 2012-07-19 11:58 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{6CF47B3D-F7F5-4D3E-ACB0-0BF63D1FDEF4}
    2012-07-18 12:25 - 2012-07-18 12:25 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E1EA2E56-2E1A-4D79-A95E-65D8E6C9B34F}
    2012-07-18 12:24 - 2012-07-18 12:24 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{15612DD5-FAAB-4F5E-83E6-9F95F95810F2}
    2012-07-17 11:49 - 2012-07-17 11:49 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E1031043-1914-4F3D-BA69-5B020D9AF557}
    2012-07-17 11:49 - 2012-07-17 11:49 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C876F9DA-E585-4EA1-AC27-714ACF2F9BEC}
    2012-07-16 19:50 - 2012-07-16 19:50 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{EAA304DC-34F1-4236-8872-5F38ED30F235}
    2012-07-16 19:50 - 2012-07-16 19:50 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C145CDD4-50C4-422E-9D5D-5604CA2795CC}
    2012-07-15 13:09 - 2012-07-15 13:09 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{857EB0B0-C936-4CC8-AF2C-57C18333AEBC}
    2012-07-15 13:09 - 2012-07-15 13:09 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{47B25E66-AD4B-44B0-8662-5F427453B9DF}
    2012-07-15 01:05 - 2012-07-15 01:05 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{9B17D21E-660B-48E6-BE0B-03543A240552}
    2012-07-15 01:05 - 2012-07-15 01:05 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{1309ECF8-63B6-441B-92C4-363C0835E67D}
    2012-07-14 13:53 - 2012-07-14 13:53 - 00001843 ____A C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk
    2012-07-14 13:52 - 2012-01-31 04:44 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-07-14 13:40 - 2012-08-02 22:05 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-14 13:39 - 2012-08-01 10:52 - 00721626 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-14 13:38 - 2010-04-06 00:34 - 00345984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-07-14 13:04 - 2012-07-14 13:04 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C8D8D554-703E-456B-A29D-DA8D9E6D8E25}
    2012-07-14 13:04 - 2012-07-14 13:04 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{B2DBB110-BEA7-4CFE-AB0E-7B4CFE970EC8}
    2012-07-13 13:01 - 2012-07-13 13:01 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{A3CF672B-2FE8-45D9-9970-78A9E192762C}
    2012-07-13 13:00 - 2012-07-13 13:01 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C59658A6-A670-418B-84AF-59652EF2B287}
    2012-07-12 13:14 - 2012-07-12 13:14 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{37057AD5-A2C9-44A9-828E-631B02759C8A}
    2012-07-12 13:14 - 2012-07-12 13:14 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{0194D104-4EAC-4838-89CE-FAC4273BCA18}
    2012-07-11 17:16 - 2012-08-04 20:21 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000UA.job
    2012-07-11 17:16 - 2012-08-04 19:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000Core.job
    2012-07-11 17:16 - 2012-07-11 17:16 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\Deployment
    2012-07-11 17:16 - 2012-07-11 17:16 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\Apps\2.0
    2012-07-11 12:52 - 2012-07-23 16:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-11 12:49 - 2012-07-11 12:50 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{DC17E996-2F0E-43DE-9FE9-EE0998BC0B22}
    2012-07-11 12:49 - 2012-07-11 12:49 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E64575BC-10A4-4D74-B3A6-44FF3B672126}
    2012-07-10 15:11 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 15:11 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-10 15:11 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-10 15:11 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-10 15:11 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-10 15:11 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-10 15:11 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-10 15:11 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-10 15:11 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-10 15:11 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-10 15:11 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-10 15:11 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-10 15:11 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-10 15:11 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-10 15:11 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-10 15:11 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-10 15:11 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-10 15:11 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-10 15:11 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-10 15:11 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-10 15:11 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-10 15:11 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-10 15:11 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-10 15:11 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-10 15:11 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-10 15:11 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-10 15:11 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-10 15:11 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-10 15:11 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-10 13:21 - 2012-07-10 13:22 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{27E22EFD-32B6-40F7-92C4-6A953A242AE0}
    2012-07-10 13:21 - 2012-07-10 13:21 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{3977B127-5EC0-46E9-A4C7-34464146B8D6}
    2012-07-10 13:14 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 13:14 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 13:14 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 13:14 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 13:13 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 13:13 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 13:13 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 13:13 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 13:13 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 13:13 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 13:13 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 13:13 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-09 15:17 - 2012-07-09 15:17 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{900FC53F-0B1F-49CF-BB3F-FE8CF7BF4F74}
    2012-07-09 15:16 - 2012-07-09 15:17 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{C994C016-79EE-475D-B92E-82DCD667D559}
    2012-07-08 13:29 - 2012-07-08 13:29 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{ED8EEE19-097D-4F2C-8B52-4FE257CCD8F2}
    2012-07-08 13:29 - 2012-07-08 13:29 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E0CAE462-3E72-4727-8488-B9993E968A41}
    2012-07-08 01:28 - 2012-07-08 01:29 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{D5DEEB99-9D6C-4C33-8E04-F878289235E1}
    2012-07-08 01:28 - 2012-07-08 01:28 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{437EE68A-8444-4F4B-B440-9C87B6A983D4}
    2012-07-07 13:28 - 2012-07-07 13:28 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{FC0BA4D2-51E9-4ADE-B85A-1956E48E67D9}
    2012-07-07 13:28 - 2012-07-07 13:28 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{E8368123-37E4-4411-BA09-793E29BDB954}
    2012-07-06 12:37 - 2012-07-06 12:37 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{1DB41713-45BE-4133-A2DB-BAA839C9A898}
    2012-07-06 12:37 - 2012-07-06 12:37 - 00000000 ____D C:\Users\ASHLEY (Admin.)\AppData\Local\{1AEEC4E4-FCCB-4BD7-B7DA-865413CC0697}

    ============ 3 Months Modified Files ========================
    2012-08-05 14:53 - 2006-11-02 07:42 - 00032536 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-05 14:53 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-05 14:53 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-05 14:53 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-05 13:30 - 2006-11-02 04:46 - 00706778 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-05 13:27 - 2008-01-20 17:53 - 01067299 ____A C:\Windows\WindowsUpdate.log
    2012-08-05 11:39 - 2012-04-07 11:28 - 00006944 ____A C:\Users\ASHLEY (Admin.)\AppData\Local\d3d9caps.dat
    2012-08-04 20:21 - 2012-07-11 17:16 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000UA.job
    2012-08-04 19:49 - 2011-05-31 21:54 - 00282472 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-08-04 19:49 - 2011-05-30 15:15 - 00282472 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-08-04 19:49 - 2011-05-30 15:15 - 00103736 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-08-04 19:48 - 2011-05-30 12:00 - 00011872 ____A C:\Users\ASHLEY (Admin.)\AppData\Roaming\wklnhst.dat
    2012-08-04 19:20 - 2012-07-11 17:16 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000Core.job
    2012-08-04 18:42 - 2006-11-02 07:21 - 00399744 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-04 10:57 - 2006-11-02 07:27 - 00121815 ____A C:\Windows\setupact.log
    2012-08-02 22:05 - 2012-07-14 13:40 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-01 10:54 - 2011-05-30 00:31 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-01 10:52 - 2012-07-14 13:39 - 00721626 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-31 15:20 - 2012-07-31 15:20 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66B0882324E49333
    2012-07-24 12:14 - 2012-07-24 12:14 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B538F0C523042A7
    2012-07-23 16:24 - 2012-07-11 12:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-23 16:24 - 2011-05-31 18:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-18 17:09 - 2011-05-30 00:01 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-07-14 13:53 - 2012-07-14 13:53 - 00001843 ____A C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk
    2012-07-14 13:34 - 2008-01-20 19:26 - 01184644 ____A C:\Windows\PFRO.log
    2012-07-10 15:13 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-06-25 16:58 - 2011-07-06 16:11 - 00000725 ____A C:\Users\ASHLEY (Admin.)\Desktop\Ventrilo.lnk
    2012-06-25 16:58 - 2011-06-26 16:38 - 00000989 ____A C:\Users\ASHLEY (Admin.)\Desktop\Core Temp.lnk
    2012-06-15 17:12 - 2012-06-15 17:12 - 00000221 ____A C:\Users\ASHLEY (Admin.)\Desktop\CoD Modern Warfare 2.url
    2012-06-13 05:58 - 2012-07-10 15:11 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 12:50 - 2012-06-11 12:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 12:50 - 2012-06-11 12:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-06-11 12:49 - 2012-06-11 12:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
    2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
    2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-06-11 09:24 - 2011-04-19 18:09 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-06-11 09:23 - 2011-04-19 18:07 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-06-11 09:16 - 2011-04-19 17:59 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-06-11 09:01 - 2012-06-11 09:01 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-06-11 08:51 - 2011-04-19 17:40 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
    2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-06-11 08:45 - 2012-04-05 17:34 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-06-11 08:43 - 2012-04-05 17:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-06-11 08:36 - 2011-04-19 17:31 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-06-11 08:25 - 2012-06-11 08:25 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-06-11 08:25 - 2011-04-19 17:21 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-06-11 08:25 - 2011-04-19 17:21 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-06-11 08:24 - 2011-04-19 17:21 - 00045056 ____A C:\Windows\System32\atitmp64.dll
    2012-06-11 08:24 - 2011-04-19 17:21 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-06-08 09:59 - 2012-07-10 13:13 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 09:47 - 2012-07-10 13:13 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 08:47 - 2012-07-10 13:14 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 08:47 - 2012-07-10 13:14 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 08:22 - 2012-07-10 13:14 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 08:22 - 2012-07-10 13:14 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-04 07:29 - 2012-07-10 13:13 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-02 14:19 - 2012-06-21 12:58 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 12:58 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 12:58 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 12:58 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 12:58 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 12:58 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:19 - 2012-06-21 12:58 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-02 14:19 - 2012-06-21 12:57 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-21 12:57 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-02 14:15 - 2012-06-21 12:58 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 12:58 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-21 12:57 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 14:12 - 2012-06-21 12:58 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-02 14:12 - 2012-06-21 12:57 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-06-02 04:49 - 2012-07-10 15:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-10 15:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-10 15:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-10 15:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-10 15:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-10 15:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-10 15:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-10 15:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-10 15:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-10 15:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-10 15:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-10 15:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-10 15:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-10 15:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-10 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-10 15:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-10 15:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-10 15:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-10 15:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-10 15:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-10 15:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-10 15:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-10 15:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-10 15:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-10 15:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-10 15:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-10 15:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-10 15:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 16:22 - 2012-07-10 13:13 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 16:22 - 2012-07-10 13:13 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 16:05 - 2012-07-10 13:13 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 16:04 - 2012-07-10 13:13 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 16:03 - 2012-07-10 13:13 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-05-14 19:50 - 2011-05-30 15:15 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

    ZeroAccess:
    C:\Windows\Installer\{cf356453-a252-f537-e20a-e90f9e60ff33}
    C:\Windows\Installer\{cf356453-a252-f537-e20a-e90f9e60ff33}\@
    C:\Windows\Installer\{cf356453-a252-f537-e20a-e90f9e60ff33}\L
    C:\Windows\Installer\{cf356453-a252-f537-e20a-e90f9e60ff33}\U
    C:\Windows\Installer\{cf356453-a252-f537-e20a-e90f9e60ff33}\U\00000001.@
    ZeroAccess:
    C:\Users\ASHLEY (Admin.)\AppData\Local\{cf356453-a252-f537-e20a-e90f9e60ff33}
    C:\Users\ASHLEY (Admin.)\AppData\Local\{cf356453-a252-f537-e20a-e90f9e60ff33}\@
    C:\Users\ASHLEY (Admin.)\AppData\Local\{cf356453-a252-f537-e20a-e90f9e60ff33}\L
    C:\Users\ASHLEY (Admin.)\AppData\Local\{cf356453-a252-f537-e20a-e90f9e60ff33}\U
    C:\Users\ASHLEY (Admin.)\AppData\Local\{cf356453-a252-f537-e20a-e90f9e60ff33}\U\00000001.@
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2011-05-30 00:31] - [2012-08-01 10:54] - 0384512 ____A (Microsoft Corporation) E2D076F2C1239AA6C7412BA6B8B1DE4E
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 9%
    Total physical RAM: 8190.33 MB
    Available physical RAM: 7402.14 MB
    Total Pagefile: 7796 MB
    Available Pagefile: 7373.82 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: (HP - Seagate 1 TB) (Fixed) (Total:918.53 GB) (Free:623.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.98 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (2008.03.29_2201) (CDROM) (Total:0.15 GB) (Free:0 GB) UDF
    8 Drive j: (CORSAIR) (Removable) (Total:30.24 GB) (Free:30.24 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 932 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 30 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 919 GB 32 KB
    Partition 2 Primary 13 GB 919 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C HP - Seagat NTFS Partition 919 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D FACTORY_IMA NTFS Partition 13 GB Healthy
    ==================================================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 30 GB 1024 KB
    ==================================================================================
    Disk: 5
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 J CORSAIR FAT32 Removable 30 GB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-08-05 13:30
    ======================= End Of Log ==========================
  13. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    SEARCH File -

    Farbar Recovery Scan Tool Version: 04-08-2012
    Ran by SYSTEM at 2012-08-05 20:00:40
    Running from J:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2011-05-30 00:31] - [2009-04-10 22:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2011-05-30 00:31] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
    C:\Windows\SysWOW64\services.exe
    [2011-05-30 00:31] - [2009-04-10 22:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\System32\services.exe
    [2011-05-30 00:31] - [2012-08-01 10:54] - 0384512 ____A (Microsoft Corporation) E2D076F2C1239AA6C7412BA6B8B1DE4E
    ====== End Of Search ======
     
  14. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


  15. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    So after fixlist.txt runs ... next you're looking for ...
    Fixlog.txt + C:\ComboFix.txt
    ... from me, is that correct ? Getting late so will post them on Monday as soon as I can.
    Thanks
  16. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    Fixlog.txt
    ==========================================

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012
    Ran by SYSTEM at 2012-08-05 22:42:54 Run:1
    Running from J:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\System32\services.exe.66B0882324E49333 moved successfully.
    C:\Windows\System32\services.exe.6B538F0C523042A7 moved successfully.
    C:\Windows\Installer\{cf356453-a252-f537-e20a-e90f9e60ff33} moved successfully.
    C:\Users\ASHLEY (Admin.)\AppData\Local\{cf356453-a252-f537-e20a-e90f9e60ff33} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
  17. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    C:\ComboFix.txt
    ======================================
    ComboFix 12-08-05.02 - ASHLEY (Admin.) 08/05/2012 23:01:53.1.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6437 [GMT -7:00]
    Running from: c:\users\ASHLEY (Admin.)\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\Complitly
    c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
    c:\program files (x86)\Complitly\FireFoxExtension.exe
    c:\program files (x86)\Complitly\InstTracker.exe
    c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
    c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
    c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
    c:\program files (x86)\Complitly\unins000.dat
    c:\program files (x86)\Complitly\unins000.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
    .
    .
    2074-05-19 01:44 . 2008-03-21 22:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
    2012-08-06 06:10 . 2012-08-06 06:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-06 06:10 . 2012-08-06 06:10 -------- d-----w- c:\users\UpdatusUser.MOMS-COMPUTER\AppData\Local\temp
    2012-08-04 19:11 . 2012-08-04 19:12 -------- d-----w- C:\FRST
    2012-08-01 18:53 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C825BCA9-7124-4F2C-A562-AEC9797B6023}\gapaengine.dll
    2012-08-01 18:53 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0FE51C9-AB7E-4DFB-8A7E-29724D5BFC4B}\mpengine.dll
    2012-08-01 18:52 . 2012-08-03 06:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-08-01 18:26 . 2012-08-01 18:26 -------- d-----w- c:\programdata\ArcSoft
    2012-08-01 18:26 . 2012-08-01 18:26 -------- d-----w- c:\users\ASHLEY (Admin.)\AppData\Roaming\ArcSoft
    2012-08-01 18:26 . 2012-08-01 18:26 -------- d-----w- c:\users\ASHLEY (Admin.)\AppData\Roaming\HP SureStore Application
    2012-07-24 20:05 . 2012-08-03 06:05 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-24 00:27 . 2012-07-24 00:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-14 21:52 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-07-14 21:38 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-07-12 01:17 . 2012-07-12 01:17 -------- d-----w- c:\users\ASHLEY (Admin.)\AppData\Local\Programs
    2012-07-12 01:16 . 2012-07-12 01:16 -------- d-----w- c:\users\ASHLEY (Admin.)\AppData\Local\Deployment
    2012-07-12 01:16 . 2012-07-12 01:16 -------- d-----w- c:\users\ASHLEY (Admin.)\AppData\Local\Apps
    2012-07-11 20:52 . 2012-07-24 00:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-10 21:14 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2012-07-10 21:14 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-10 21:14 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-10 21:14 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-10 21:14 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 21:14 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-10 21:13 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-10 21:13 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll
    2012-07-10 21:13 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-10 21:13 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-07-10 21:13 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-07-10 21:13 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-07-10 21:13 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-05 03:49 . 2011-06-01 05:54 282472 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-08-05 03:49 . 2011-05-30 23:15 282472 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-08-05 03:49 . 2011-05-30 23:15 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-07-24 00:24 . 2011-06-01 02:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-10 23:13 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
    2012-06-11 20:50 . 2012-06-11 20:50 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 20:50 . 2012-06-11 20:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-06-11 20:50 . 2012-06-11 20:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-06-11 20:50 . 2012-06-11 20:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
    2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
    2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
    2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-06-11 17:24 . 2011-04-20 02:09 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-06-11 17:23 . 2011-04-20 02:07 1090560 ----a-w- c:\windows\system32\aticfx64.dll
    2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
    2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16 . 2011-04-20 01:59 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-06-11 17:01 . 2012-06-11 17:01 6914560 ----a-w- c:\windows\system32\atidxx64.dll
    2012-06-11 16:51 . 2011-04-20 01:40 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-06-11 16:45 . 2012-04-06 01:34 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-06-11 16:43 . 2012-04-06 01:22 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-06-11 16:36 . 2011-04-20 01:31 6605824 ----a-w- c:\windows\system32\atiumd64.dll
    2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-06-11 16:25 . 2012-06-11 16:25 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-06-11 16:25 . 2011-04-20 01:21 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25 . 2011-04-20 01:21 45056 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-06-11 16:24 . 2011-04-20 01:21 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24 . 2011-04-20 01:21 45056 ----a-w- c:\windows\system32\atitmp64.dll
    2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-06-02 22:19 . 2012-06-21 20:58 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 20:58 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 20:58 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 20:58 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 20:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-21 20:57 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2012-06-02 22:19 . 2012-06-21 20:58 35864 ----a-w- c:\windows\SysWow64\wups.dll
    2012-06-02 22:19 . 2012-06-21 20:58 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 20:58 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 20:58 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 20:57 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-21 20:58 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 22:12 . 2012-06-21 20:57 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2012-06-02 22:12 . 2012-06-21 20:58 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
    2012-05-15 03:50 . 2011-05-30 23:15 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfir.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    2011-01-17 23:54 175912 ----a-w- c:\program files (x86)\XfireXO\prxtbXfir.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfir.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "MusicManager"="c:\users\ASHLEY (Admin.)\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-09-19 380928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
    "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]
    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
    "Gaming Mouse Hid"="c:\program files (x86)\Gaming Mouse\hid.exe" [2010-01-19 428544]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "Spawn Gaming Mouse"="c:\program files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe" [2010-12-16 135168]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000Core.job
    - c:\users\ASHLEY (Admin.)\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 01:16]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000UA.job
    - c:\users\ASHLEY (Admin.)\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 01:16]
    .
    2011-05-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
    2011-09-09 00:21 167416 ----a-w- c:\users\ASHLEY (Admin.)\AppData\Roaming\Complitly\64\Complitly64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-23 153624]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-23 225816]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-23 199704]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-10-06 182808]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~2\MI78E4~1\Office14\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
    IE: Se&nd to OneNote - c:\progra~2\MI78E4~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - (no file)
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    AddRemove-HTPE3 - c:\windows\System32\Unwise32.exe
    AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3400093660-3584223705-3264246961-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:c1,66,2e,0c,5e,b7,20,5d,df,1b,20,d0,64,7d,57,a6,a0,c0,69,f2,71,a7,ef,
    71,a7,e7,c6,34,0a,a4,27,33,9c,68,9f,a9,bb,2c,20,15,0b,5f,b7,de,3a,01,10,21,\
    "??"=hex:57,40,6b,a7,71,89,0a,95,7e,19,74,4d,b1,a8,8d,f1
    .
    [HKEY_USERS\S-1-5-21-3400093660-3584223705-3264246961-1000\Software\SecuROM\License information*]
    "datasecu"=hex:14,76,f8,17,56,c5,45,f7,a9,ec,03,94,ea,03,2f,26,2e,99,af,df,7a,
    9b,08,bb,c2,5e,0c,9c,90,3d,b0,83,45,7b,19,37,ed,fa,38,4d,4b,76,e7,44,3d,9b,\
    "rkeysecu"=hex:83,1e,73,36,1a,94,9f,45,73,3c,d9,46,9c,74,51,be
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-05 23:22:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-06 06:22
    .
    Pre-Run: 669,497,712,640 bytes free
    Post-Run: 669,371,559,936 bytes free
    .
    - - End Of File - - 911C52D0AF83D0CDAB9BAEF8549FE374
  18. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    Looks good :)

    Any current issues?

    ====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  19. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    Yes well ... I've mainly been using my other new computer build at the moment, but ...

    yeah upon startup I still get popup window w/ MS Windows ERROR Code # 0x80070002 ... which I assume is also tied to ...
    MS Windows Firewall and MS Windows Update haven't seemed to want to turn back ON ? ... though I haven't tried to manually turn them back on yet as you told me NOT to make changes to my computer :) so I'm doing what you tell me ... but, which also leads me to a question about downloading using this computer to get things loaded onto the Desktop ... I did it for the ComboFix app ... but MS Security Essentials was still left in limbo since the Sirefef Trojan ... It never fully UN-Installed from this system, nor could I Install the new Kaspersky PURE 2.0 program I picked up as a result ... so right now I feel this computer is a bit vulnerable with little to no AV, Malware, Firewall or Update protection turned ON. :confused: though I assume your download links you're giving me are safe :) and I know getting MalwareBytes on it will help as well.

    Other than those concerns ... NO, it seems to be functioning normally again so far, no AV warning pop-ups or Windows Need to Shut Down warnings with the continuous 1 minute reboot loop like before, so we're making progress ! (y)

    Will get MBAM and OTL going and post back later ...

    Thanks again,
  20. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    Very well.
    We'll fix those other issues step by step.
  21. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.06.13
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    ASHLEY (Admin.) :: MOMS-COMPUTER [administrator]
    8/6/2012 5:20:26 PM
    mbam-log-2012-08-06 (17-20-26).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 249908
    Time elapsed: 1 minute(s), 58 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Windows\System32\V.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\V.ico (Malware.Trace) -> Quarantined and deleted successfully.
    (end)
  22. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    OTL.txt

    OTL logfile created on: 8/6/2012 5:42:47 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\ASHLEY (Admin.)\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 78.72% Memory free
    16.05 Gb Paging File | 14.15 Gb Available in Paging File | 88.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 918.53 Gb Total Space | 623.30 Gb Free Space | 67.86% Space Free | Partition Type: NTFS
    Drive D: | 12.98 Gb Total Space | 1.77 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

    Computer Name: MOMS-COMPUTER | User Name: ASHLEY (Admin.) | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/06 17:40:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ASHLEY (Admin.)\Desktop\OTL.exe
    PRC - [2012/07/23 17:24:25 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
    PRC - [2012/05/14 20:50:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/17 16:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2008/10/17 16:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    PRC - [2008/10/06 13:36:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/10/06 13:36:14 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/09/26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2007/04/18 08:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2008/10/17 16:57:20 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmltok.dll
    MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmlparse.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/06/11 10:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2008/09/04 04:35:08 | 000,434,688 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/06/19 16:20:36 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/14 20:50:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/03 04:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/06 13:36:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/06/11 11:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/06/11 09:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/23 05:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/07/06 13:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2010/10/25 18:04:46 | 000,384,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2010/01/11 16:36:32 | 000,011,520 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Asusgms.sys -- (AsusgmsFltr)
    DRV:64bit: - [2009/08/23 07:01:54 | 000,117,776 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/09/10 06:09:48 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
    DRV:64bit: - [2008/09/10 06:08:04 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2008/09/10 06:07:02 | 001,486,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
    DRV:64bit: - [2008/09/09 18:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
    DRV:64bit: - [2008/09/04 04:34:58 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2008/09/02 06:21:04 | 008,034,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2007/02/12 17:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys -- (Ser2pl)
    DRV:64bit: - [2006/06/19 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2008/09/26 02:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4F7F0E39-C4BE-4626-832A-58B50CC1396C}
    IE:64bit: - HKLM\..\SearchScopes\{4F7F0E39-C4BE-4626-832A-58B50CC1396C}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{D572F157-F436-46C2-8B76-E5E399612BCA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{4F7F0E39-C4BE-4626-832A-58B50CC1396C}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
    IE - HKLM\..\SearchScopes\{D572F157-F436-46C2-8B76-E5E399612BCA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes,DefaultScope = {4F7F0E39-C4BE-4626-832A-58B50CC1396C}
    IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes\{4F7F0E39-C4BE-4626-832A-58B50CC1396C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes\{91E12EF1-474D-460C-A2F7-2222CAB18E11}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
    IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes\{D572F157-F436-46C2-8B76-E5E399612BCA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
    IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mkg030&p="
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=8"
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MI78E4~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MI78E4~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ASHLEY (Admin.)\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ASHLEY (Admin.)\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/21 11:57:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 22:28:23 | 000,000,000 | ---D | M]

    [2011/08/21 16:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Extensions
    [2012/07/20 15:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Firefox\Profiles\vrypo5qb.default\extensions
    [2011/10/08 11:08:40 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Firefox\Profiles\vrypo5qb.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2012/03/19 13:32:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Firefox\Profiles\vrypo5qb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/04/21 11:57:48 | 000,000,000 | ---D | M] (vshare.tv Community Toolbar) -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Firefox\Profiles\vrypo5qb.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
    [2011/10/05 11:37:28 | 000,000,929 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Firefox\Profiles\vrypo5qb.default\searchplugins\conduit.xml
    [2011/08/21 16:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/05/30 14:09:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/04/21 11:57:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/08/31 03:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
    [2012/04/21 11:57:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/04/21 11:57:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========


    O1 HOSTS File: ([2012/08/05 23:13:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Gaming Mouse Hid] C:\Program Files (x86)\Gaming Mouse\hid.exe ()
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
    O4 - HKLM..\Run: [Spawn Gaming Mouse] C:\Program Files (x86)\CM Storm\Spawn Gaming Mouse\Spawn_Icon.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000..\Run: [MusicManager] C:\Users\ASHLEY (Admin.)\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\EXCEL.EXE (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
    O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
    O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab (SysInfo Class)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
    O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72C90611-1961-443E-9102-23FDABD339B9}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/06 17:40:42 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ASHLEY (Admin.)\Desktop\OTL.exe
    [2012/08/06 17:18:04 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Malwarebytes
    [2012/08/06 17:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/06 17:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/06 17:17:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/06 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/06 14:58:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/05 23:22:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/05 22:57:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/05 22:57:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/05 22:57:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/05 22:57:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/05 22:57:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/05 22:53:26 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\ASHLEY (Admin.)\Desktop\ComboFix.exe
    [2012/08/05 12:40:45 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{A62A8ADD-21C2-4956-AEF2-97643F94EF79}
    [2012/08/05 12:40:35 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{D1787E86-777E-461A-91E3-B99CE4777F91}
    [2012/08/04 12:11:50 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/04 11:23:37 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{3EB8D702-85AD-46F3-88A7-A8E8A8B126DA}
    [2012/08/04 11:23:28 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{9B005808-7F1A-4AD4-9C0A-B1675E9CAEB9}
    [2012/08/01 11:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/08/01 11:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
    [2012/08/01 11:26:54 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\ArcSoft
    [2012/08/01 11:26:51 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\HP SureStore Application
    [2012/08/01 11:21:50 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{A6AF5BF9-6707-4DED-97EF-CF9AAB9832BF}
    [2012/08/01 11:21:40 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{94812D0B-6621-483D-A6E0-E35A52B5C99B}
    [2012/07/31 22:31:06 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{58267674-092A-4BB6-9032-424BC63A3B6A}
    [2012/07/31 22:30:56 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{94890400-CF65-4C64-A61D-58BB9E5E573E}
    [2012/07/24 13:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/24 11:30:11 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{0F20805B-9FF8-4850-88AE-B00C7AFE78B3}
    [2012/07/24 11:29:55 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{EE295C1E-2E47-413F-82D4-9CED7B7F6F6B}
    [2012/07/23 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{2D584ED4-11CC-40AF-81DA-CED0A4F49232}
    [2012/07/23 22:36:35 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{FA0B1081-8AC9-40DA-AA03-1BC72209822C}
    [2012/07/23 17:27:54 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/23 10:36:22 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{7DBBA6C0-8C59-4A4F-890F-DC0FA1CB8184}
    [2012/07/23 10:36:11 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{2166DEF6-427E-46AF-8A53-9093F51600A9}
    [2012/07/22 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{94136B68-A232-4425-8DCF-0FC063B58CFC}
    [2012/07/22 15:58:26 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{09D79907-F950-4A59-8427-BEBBE47D8C5D}
    [2012/07/21 12:13:03 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C3373312-9AF6-4CD7-B855-B62F39C53169}
    [2012/07/21 12:12:53 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{029DCE34-387A-4240-A9B6-AAF602301ADA}
    [2012/07/21 00:06:21 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{EFF080B6-F853-4CCF-9EDE-C5AA8E15365B}
    [2012/07/21 00:06:11 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{EB905DE6-813E-41E2-BFB2-FABF673B3728}
    [2012/07/20 12:05:58 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{72498C43-3BCF-491F-A399-E8B18DD23E99}
    [2012/07/20 12:05:49 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{9E8F8BFF-EDE6-47DC-BAD7-170B52E38024}
    [2012/07/19 12:58:13 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{E4E0279D-5940-4510-972D-0DBA4ECB9045}
    [2012/07/19 12:58:04 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{6CF47B3D-F7F5-4D3E-ACB0-0BF63D1FDEF4}
    [2012/07/18 13:25:05 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{E1EA2E56-2E1A-4D79-A95E-65D8E6C9B34F}
    [2012/07/18 13:24:31 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{15612DD5-FAAB-4F5E-83E6-9F95F95810F2}
    [2012/07/17 12:49:13 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C876F9DA-E585-4EA1-AC27-714ACF2F9BEC}
    [2012/07/17 12:49:02 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{E1031043-1914-4F3D-BA69-5B020D9AF557}
    [2012/07/16 20:50:44 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C145CDD4-50C4-422E-9D5D-5604CA2795CC}
    [2012/07/16 20:50:34 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{EAA304DC-34F1-4236-8872-5F38ED30F235}
    [2012/07/15 14:09:18 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{47B25E66-AD4B-44B0-8662-5F427453B9DF}
    [2012/07/15 14:09:05 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{857EB0B0-C936-4CC8-AF2C-57C18333AEBC}
    [2012/07/15 02:05:25 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{1309ECF8-63B6-441B-92C4-363C0835E67D}
    [2012/07/15 02:05:15 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{9B17D21E-660B-48E6-BE0B-03543A240552}
    [2012/07/14 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{B2DBB110-BEA7-4CFE-AB0E-7B4CFE970EC8}
    [2012/07/14 14:04:34 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C8D8D554-703E-456B-A29D-DA8D9E6D8E25}
    [2012/07/13 14:01:02 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{A3CF672B-2FE8-45D9-9970-78A9E192762C}
    [2012/07/13 14:00:50 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C59658A6-A670-418B-84AF-59652EF2B287}
    [2012/07/12 14:14:48 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{37057AD5-A2C9-44A9-828E-631B02759C8A}
    [2012/07/12 14:14:36 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{0194D104-4EAC-4838-89CE-FAC4273BCA18}
    [2012/07/11 18:17:10 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
    [2012/07/11 18:17:04 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\Programs
    [2012/07/11 18:16:45 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\Deployment
    [2012/07/11 18:16:45 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\Apps
    [2012/07/11 13:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2012/07/11 13:49:52 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{DC17E996-2F0E-43DE-9FE9-EE0998BC0B22}
    [2012/07/11 13:49:35 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{E64575BC-10A4-4D74-B3A6-44FF3B672126}
    [2012/07/10 14:21:58 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{27E22EFD-32B6-40F7-92C4-6A953A242AE0}
    [2012/07/10 14:21:43 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{3977B127-5EC0-46E9-A4C7-34464146B8D6}
    [2012/07/09 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{900FC53F-0B1F-49CF-BB3F-FE8CF7BF4F74}
    [2012/07/09 16:16:39 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C994C016-79EE-475D-B92E-82DCD667D559}
    [2012/07/08 14:29:31 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{ED8EEE19-097D-4F2C-8B52-4FE257CCD8F2}
    [2012/07/08 14:29:21 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{E0CAE462-3E72-4727-8488-B9993E968A41}
    [2012/07/08 02:28:55 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{D5DEEB99-9D6C-4C33-8E04-F878289235E1}
    [2012/07/08 02:28:45 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{437EE68A-8444-4F4B-B440-9C87B6A983D4}

    ========== Files - Modified Within 30 Days ==========

    [2012/08/06 17:40:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ASHLEY (Admin.)\Desktop\OTL.exe
    [2012/08/06 17:37:51 | 000,706,778 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/06 17:37:51 | 000,606,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/06 17:37:51 | 000,105,230 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/06 17:32:02 | 000,006,944 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\AppData\Local\d3d9caps.dat
    [2012/08/06 17:31:44 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/06 17:31:44 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/06 17:31:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/06 17:31:39 | 4294,156,287 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/06 17:21:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000UA.job
    [2012/08/06 17:17:44 | 000,000,989 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/08/06 17:17:44 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte Anti-Malware.lnk
    [2012/08/06 15:27:50 | 000,002,709 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Word 2010.lnk
    [2012/08/06 15:27:27 | 000,011,872 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\wklnhst.dat
    [2012/08/05 23:13:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/05 22:53:26 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\ASHLEY (Admin.)\Desktop\ComboFix.exe
    [2012/08/04 20:49:21 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/08/04 20:49:21 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/08/04 20:49:08 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/08/04 20:20:59 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000Core.job
    [2012/08/04 19:42:39 | 000,399,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/02 23:05:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/08/01 11:52:43 | 000,721,626 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/14 14:53:08 | 000,001,843 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk
    [2012/07/11 13:51:54 | 000,001,011 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/06 17:17:44 | 000,000,989 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/08/06 17:17:44 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte Anti-Malware.lnk
    [2012/08/05 22:57:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/05 22:57:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/05 22:57:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/05 22:57:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/05 22:57:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/04 19:42:17 | 4294,156,287 | -HS- | C] () -- C:\hiberfil.sys
    [2012/08/01 11:52:46 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/14 14:53:08 | 000,001,843 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk
    [2012/07/14 14:40:33 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/07/14 14:39:28 | 000,721,626 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/11 18:16:56 | 000,000,948 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000UA.job
    [2012/07/11 18:16:56 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000Core.job
    [2012/07/11 13:51:54 | 000,001,011 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2012/05/02 19:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2012/04/07 12:28:58 | 000,006,944 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\AppData\Local\d3d9caps.dat
    [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/07/31 16:29:48 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2011/07/06 17:11:56 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011/06/30 19:33:33 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\UNWISE32.EXE
    [2011/06/05 22:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/05/31 16:49:55 | 000,004,608 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/30 16:15:26 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/05/30 16:15:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/05/30 16:15:07 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
    [2011/05/30 13:01:15 | 000,150,211 | ---- | C] () -- C:\Windows\hpwins05.dat
    [2011/05/30 13:00:49 | 000,011,872 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\wklnhst.dat
    [2011/05/30 01:32:26 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2011/05/30 01:32:13 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2011/05/30 01:31:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2011/05/29 19:18:54 | 000,002,188 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\AppData\Local\d3d9caps64.dat
    [2011/05/29 17:47:21 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2011/05/29 17:01:39 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2011/05/29 17:01:39 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll

    ========== LOP Check ==========

    [2011/10/08 11:08:39 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Complitly
    [2011/09/01 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Gaming Mouse
    [2012/02/19 19:24:33 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\MW3 FoV Changer
    [2012/01/17 15:49:11 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Origin
    [2011/05/29 19:11:56 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\PictureMover
    [2011/05/30 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Template
    [2012/01/11 13:55:07 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Tific
    [2012/06/25 17:55:36 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\TuneUp Software
    [2011/05/29 19:49:21 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2012/08/06 17:29:14 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
  23. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    Extras.txt

    OTL Extras logfile created on: 8/6/2012 5:42:47 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\ASHLEY (Admin.)\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 78.72% Memory free
    16.05 Gb Paging File | 14.15 Gb Available in Paging File | 88.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 918.53 Gb Total Space | 623.30 Gb Free Space | 67.86% Space Free | Partition Type: NTFS
    Drive D: | 12.98 Gb Total Space | 1.77 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

    Computer Name: MOMS-COMPUTER | User Name: ASHLEY (Admin.) | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 35 78 BA 46 A8 1E CC 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
    "{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5800B5A7-176D-C773-7BA0-AABB25C57591}" = ATI Problem Report Wizard
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CB5340E7-7745-7B18-1413-C14508C2AC2B}" = ATI AVIVO64 Codecs
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PC-Doctor for Windows" = Hardware Diagnostic Tools

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0A3A9522-EFA2-4C56-9138-101692C2A130}" = System Requirements Lab
    "{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0EBEAC4B-8222-4FBB-958D-88E9C68B18F0}" = Spawn Gaming Mouse
    "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
    "{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
    "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
    "{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
    "{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
    "{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
    "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
    "{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
    "{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
    "{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
    "{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
    "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{50974B3A-B8D5-4C7B-9D23-ED0EC9517B45}" = PL-2303 USB-to-Serial
    "{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
    "{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
    "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
    "{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
    "{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
    "{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
    "{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
    "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8868D822-2CBA-46B2-A286-B400B6185769}" = 7500_7600_7700_Help
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A495D4DC-4036-4914-9CB2-0FCF6A3166EF}" = L7500
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A6969662-90F5-407B-A67B-196E3554670E}_is1" = COD4 Patch Selector version 1.2.0
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
    "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "{C52DE33F-117A-4EC8-8A32-084E828D7B1E}" = Gaming Mouse
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CE8C262E-5DB4-C8AC-7DA2-DC88767653A1}" = HydraVision
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
    "{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
    "{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
    "{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
    "{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEB9AEF7-3ADA-40a9-9C98-546D54FE9CBD}" = ProductContext
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
    "{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy
    "{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
    "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Call of Duty Modern Warfare - Version Changer [UK]" = Call of Duty Modern Warfare - Version Changer [UK]
    "Company of Heroes" = Company of Heroes
    "ESN Sonar-0.70.4" = ESN Sonar
    "HTPE3" = HyperTerminal Private Edition v7.0
    "ieSpell" = ieSpell
    "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "OpenAL" = OpenAL
    "Origin" = Origin
    "PokerStars.net" = PokerStars.net
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steam App 28050" = Deus Ex: Human Revolution
    "Steam App 42680" = Call of Duty: Modern Warfare 3
    "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
    "Steam App 42700" = Call of Duty: Black Ops
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
    "Steam App 44320" = DiRT 3
    "Veetle TV" = Veetle TV
    "vShare.tv plugin" = vShare.tv plugin 1.3
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite" = Windows Live Essentials
    "Xfire" = Xfire (remove only)
    "XfireXO Toolbar" = XfireXO Toolbar
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3400093660-3584223705-3264246961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "MusicManager" = Music Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/11/2012 4:48:43 PM | Computer Name = Moms-Computer | Source = WinMgmt | ID = 10
    Description =

    Error - 7/12/2012 5:13:27 PM | Computer Name = Moms-Computer | Source = WinMgmt | ID = 10
    Description =

    Error - 7/13/2012 5:00:01 PM | Computer Name = Moms-Computer | Source = WinMgmt | ID = 10
    Description =

    Error - 7/14/2012 5:03:47 PM | Computer Name = Moms-Computer | Source = WinMgmt | ID = 10
    Description =

    Error - 7/14/2012 5:34:37 PM | Computer Name = Moms-Computer | Source = WinMgmt | ID = 10
    Description =

    Error - 7/14/2012 5:51:58 PM | Computer Name = Moms-Computer | Source = WinMgmt | ID = 10
    Description =

    Error - 7/14/2012 11:31:36 PM | Computer Name = Moms-Computer | Source = Application Hang | ID = 1002
    Description = The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 14f8 Start Time: 01cd6239727105c0 Termination Time: 3

    Error - 7/15/2012 5:08:03 PM | Computer Name = Moms-Computer | Source = WinMgmt | ID = 10
    Description =

    Error - 7/16/2012 11:49:33 PM | Computer Name = Moms-Computer | Source = WinMgmt | ID = 10
    Description =

    Error - 7/17/2012 3:47:22 PM | Computer Name = Moms-Computer | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 8/6/2012 5:58:31 PM | Computer Name = Moms-Computer | Source = Microsoft Antimalware | ID = 5101
    Description = %%860 grace period has expired. Protection against viruses, spyware,
    and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
    Date (UTC): ?8/?6/?2012 9:58:31 PM Error Code: 0x80092003 Error Description: An error
    occurred while reading or writing to a file.

    Error - 8/6/2012 5:58:41 PM | Computer Name = Moms-Computer | Source = Service Control Manager | ID = 7026
    Description =

    Error - 8/6/2012 5:58:52 PM | Computer Name = Moms-Computer | Source = WMPNetworkSvc | ID = 866312
    Description =

    Error - 8/6/2012 5:58:52 PM | Computer Name = Moms-Computer | Source = WMPNetworkSvc | ID = 866312
    Description =

    Error - 8/6/2012 5:59:07 PM | Computer Name = Moms-Computer | Source = Service Control Manager | ID = 7023
    Description =

    Error - 8/6/2012 8:31:44 PM | Computer Name = Moms-Computer | Source = Microsoft Antimalware | ID = 5101
    Description = %%860 grace period has expired. Protection against viruses, spyware,
    and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
    Date (UTC): ?8/?7/?2012 12:31:44 AM Error Code: 0x80092003 Error Description: An
    error occurred while reading or writing to a file.

    Error - 8/6/2012 8:31:53 PM | Computer Name = Moms-Computer | Source = Service Control Manager | ID = 7026
    Description =

    Error - 8/6/2012 8:31:55 PM | Computer Name = Moms-Computer | Source = Service Control Manager | ID = 7023
    Description =

    Error - 8/6/2012 8:32:15 PM | Computer Name = Moms-Computer | Source = WMPNetworkSvc | ID = 866312
    Description =

    Error - 8/6/2012 8:32:15 PM | Computer Name = Moms-Computer | Source = WMPNetworkSvc | ID = 866312
    Description =


    < End of report >
  24. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  25. LA_Kings_Fan

    LA_Kings_Fan TechSpot Member Topic Starter Posts: 35

    RUN FIX Log

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry value HKEY_USERS\S-1-5-21-3400093660-3584223705-3264246961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control vzTCPConfig
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: ASHLEY (Admin.)
    ->Temp folder emptied: 1233900 bytes
    ->Temporary Internet Files folder emptied: 229027684 bytes
    ->Java cache emptied: 697523 bytes
    ->FireFox cache emptied: 65115097 bytes
    ->Flash cache emptied: 334811 bytes

    User: ASHLEY~1~)
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: UpdatusUser.MOMS-COMPUTER
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10544 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 54552860 bytes
    RecycleBin emptied: 10823836 bytes

    Total Files Cleaned = 345.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: ASHLEY (Admin.)
    ->Java cache emptied: 0 bytes

    User: ASHLEY~1~)

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    User: UpdatusUser.MOMS-COMPUTER

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: ASHLEY (Admin.)
    ->Flash cache emptied: 0 bytes

    User: ASHLEY~1~)

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.MOMS-COMPUTER
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08062012_181548
    Files\Folders moved on Reboot...
    File\Folder C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TS3J4YTA\net[1].htm not found!
    PendingFileRenameOperations files...
    File C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TS3J4YTA\net[1].htm not found!
    Registry entries deleted on Reboot...

