Solved Yet another Win64.sirefef._ _ Trojan help request ...

SecurityCheck.exe - checkup.txt

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 26
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.5 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````
 
FSS.txt

Farbar Service Scanner Version: 06-08-2012
Ran by ASHLEY (Admin.) (administrator) on 06-08-2012 at 18:31:35
Running from "C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GN2OHH9K"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
C:\Windows\System32\drivers\afd.sys
[2012-02-14 15:28] - [2012-01-03 07:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 13:10] - [2012-03-30 05:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A
C:\Windows\System32\dnsrslvr.dll
[2011-05-29 22:52] - [2011-03-02 09:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
C:\Windows\System32\mpssvc.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
C:\Windows\System32\bfe.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2011-05-30 01:31] - [2009-04-11 00:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
C:\Windows\System32\wscsvc.dll
[2011-05-30 01:31] - [2009-04-11 00:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
C:\Windows\System32\wbem\WMIsvc.dll
[2011-05-30 01:31] - [2009-04-11 00:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
C:\Windows\System32\es.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
C:\Windows\System32\cryptsvc.dll
[2012-06-12 15:30] - [2012-04-23 09:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****
 
... an hour and a half later ESET is still going :eek:.
2 infected files / threats found so far ...
- JS/Redirector.NCA trojan
- Win32/BHO.OEI trojan

================================
ESETScan.txt

C:\Users\ASHLEY (Admin.)\AppData\Local\Google\Chrome\User Data\Default\Default\aagcdbggdgdddfdegdgbgddgdegfdegg\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Firefox\Profiles\vrypo5qb.default\extensions\rmkoduuvlz@rmkoduuvlz.org.xpi JS/Redirector.NCA trojan deleted - quarantined

=================================

I think that's everything you wanted ? Done. (y)
 
Make sure you re-enable MSE.

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

===================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

========================================

We have one corrupted registry key affecting Windows updates.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.
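The FSS log above reports the BITS service with a missing start type while its ImagePath and ServiceDll are OK. Here is an added PowerShell example (my own, not from the thread, from the Farbar tool or from the bits.reg file) that performs the same three read-only checks and computes the MD5 of qmgr.dll so it can be compared with the hash shown in the FSS File Check section. The registry path and the expected defaults (svchost.exe hosting the netsvcs group, qmgr.dll under System32, Start 2 = Automatic) are assumptions based on standard Vista/7 installs, and the function name Test-BitsServiceConfig is mine. It changes nothing; the repair itself is still the bits.reg import described in the post.

```powershell
# Added example, not from the thread: read-only check of the BITS service's
# registry configuration, covering the same three points the FSS log reports
# (start type, ImagePath, ServiceDll) plus the MD5 of qmgr.dll for comparison
# with the hash printed in the FSS File Check section.
# Expected values below are assumed Vista/7 defaults, not taken from the thread.

function Test-BitsServiceConfig {
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\BITS'
    $result = @{}

    if (-not (Test-Path $key)) {
        $result.KeyPresent = $false
        return (New-Object PSObject -Property $result)
    }
    $result.KeyPresent = $true

    $svc    = Get-ItemProperty -Path $key
    $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue

    # Start type: 2 = Automatic, 3 = Manual, 4 = Disabled.
    # FSS reported this value as missing on the affected machine.
    if ($null -eq $svc.Start) {
        $result.StartType = 'MISSING'
    } else {
        $result.StartType = $svc.Start
    }

    # Assumed default: svchost.exe hosting the netsvcs service group.
    $result.ImagePathOk = [bool]($svc.ImagePath -match 'svchost\.exe.*-k\s+netsvcs')

    # Assumed default: the service DLL is qmgr.dll under System32.
    $dll = $null
    if ($params -and $params.ServiceDll) {
        $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
    }
    $result.ServiceDllOk = [bool]($dll -and ($dll -match '\\System32\\qmgr\.dll$') -and (Test-Path $dll))

    # MD5 of the service DLL, computed with .NET so it also works on the
    # PowerShell 2.0 that ships with Vista (Get-FileHash needs PowerShell 4+).
    if ($dll -and (Test-Path $dll)) {
        $md5    = [System.Security.Cryptography.MD5]::Create()
        $stream = [System.IO.File]::OpenRead($dll)
        try {
            $hash = $md5.ComputeHash($stream)
        } finally {
            $stream.Close()
        }
        $result.ServiceDllMd5 = ([System.BitConverter]::ToString($hash)) -replace '-', ''
    }

    return (New-Object PSObject -Property $result)
}

# Run from an elevated PowerShell prompt; on the affected machine this
# would show StartType : MISSING with ImagePathOk and ServiceDllOk both True.
Test-BitsServiceConfig | Format-List
```

Run it once before importing bits.reg and once after the restart: the StartType field should go from MISSING to a number, and the ServiceDllMd5 value should match the qmgr.dll hash in the FSS log both times, since the registry repair does not touch the file.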
 
Make sure you re-enable MSE - I want to actually REMOVE MSE . . . and replace it with Kaspersky PURE 2.0 that I just bought.
But MSE doesn't seem to want to UNINSTALL using Windows Add / Remove Programs ...
which in turn is keeping Kaspersky from installing ... help ?

Update Adobe Flash Player - CHECK

Update Java and Uninstall OLD Java - CHECK
 
Hmmmm can't seem to create a System Restore Point ?
when I get to the "SYSTEM PROTECTION" Tab ... it gets stuck searching for Available Disk ? doesn't see my C drive ?
or should it take longer than 2-3 minutes for it to complete its search ?

Never mind, it finally found everything ... sorry :(
 
I need new FSS log.

As for MSE....

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program you want to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish.
 
new FSS.txt log
===============================

Farbar Service Scanner Version: 06-08-2012
Ran by ASHLEY (Admin.) (administrator) on 07-08-2012 at 14:40:46
Running from "C:\Users\ASHLEY (Admin.)\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
C:\Windows\System32\drivers\afd.sys
[2012-02-14 15:28] - [2012-01-03 07:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 13:10] - [2012-03-30 05:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A
C:\Windows\System32\dnsrslvr.dll
[2011-05-29 22:52] - [2011-03-02 09:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
C:\Windows\System32\mpssvc.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
C:\Windows\System32\bfe.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2011-05-30 01:31] - [2009-04-11 00:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
C:\Windows\System32\wscsvc.dll
[2011-05-30 01:31] - [2009-04-11 00:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
C:\Windows\System32\wbem\WMIsvc.dll
[2011-05-30 01:31] - [2009-04-11 00:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
C:\Windows\System32\es.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
C:\Windows\System32\cryptsvc.dll
[2012-06-12 15:30] - [2012-04-23 09:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-05-30 01:32] - [2009-04-11 00:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****
 
Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.

Letting you know ;) it isn't listed. :( of course nothing here is simple ... lol

Also ... I still got the ERROR CODE pop up # 0x80070002 after the recent ReBoot.

Also #2 ... I noticed a couple of items in REVO that I have NO Idea what they are or how they got installed on my computer ...
- ESN Sonar
- MPM
- OpenAL
- Python 2.5.2
- Rapture 3D 2.4.8 Game
I'm wondering if they got there with the trojan issue ? and should I look to delete them ? can you tell me WHAT they are ?
 
I get THIS right upon StartUp / Restore Boot Up of Windows Vista ...

ErrorCode0x80070002.jpg
 
That comes from MSE.

Those Revo items look legit.

Post fresh "Quick scan" log from OTL.
Only one log will be produced.
 
Yeah, I guess, after some google searching found ...
- ESN Sonar { seems to be some background social program loaded w/ BattleField3 game play for online communications ? }
- MPM { part of HP Printer program files ? }
- OpenAL { program from Creative Labs Inc part of voice chat or something ? }
- Python 2.5.2 { This one has me a bit worried, a powerful script-writing executable programming language ? I know I didn't install it. }
- Rapture 3D game { part of program loaded w/ DIRT3 game }
 
OTL.txt log
======================

OTL logfile created on: 8/7/2012 3:49:02 PM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\ASHLEY (Admin.)\Desktop\Anti-Virus & Malware ext
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 75.61% Memory free
16.05 Gb Paging File | 13.91 Gb Available in Paging File | 86.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.53 Gb Total Space | 622.93 Gb Free Space | 67.82% Space Free | Partition Type: NTFS
Drive D: | 12.98 Gb Total Space | 1.77 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

Computer Name: MOMS-COMPUTER | User Name: ASHLEY (Admin.) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 14:04:33 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/08/06 17:40:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ASHLEY (Admin.)\Desktop\Anti-Virus & Malware ext\OTL.exe
PRC - [2012/05/14 20:50:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/09/18 21:24:04 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/17 16:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/17 16:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/10/06 13:36:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/10/06 13:36:14 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/09/26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2007/04/18 08:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2008/10/17 16:57:20 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/11 10:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/09/04 04:35:08 | 000,434,688 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/07 14:10:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 16:20:36 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/14 20:50:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/03 04:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 13:36:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/11 11:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/11 09:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 05:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/07/06 13:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/10/25 18:04:46 | 000,384,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/01/11 16:36:32 | 000,011,520 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Asusgms.sys -- (AsusgmsFltr)
DRV:64bit: - [2009/08/23 07:01:54 | 000,117,776 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/09/10 06:09:48 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/09/10 06:08:04 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/09/10 06:07:02 | 001,486,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2008/09/09 18:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/09/04 04:34:58 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/09/02 06:21:04 | 008,034,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/02/12 17:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2006/06/19 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/09/26 02:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4F7F0E39-C4BE-4626-832A-58B50CC1396C}
IE:64bit: - HKLM\..\SearchScopes\{4F7F0E39-C4BE-4626-832A-58B50CC1396C}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D572F157-F436-46C2-8B76-E5E399612BCA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{4F7F0E39-C4BE-4626-832A-58B50CC1396C}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
IE - HKLM\..\SearchScopes\{D572F157-F436-46C2-8B76-E5E399612BCA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes,DefaultScope = {4F7F0E39-C4BE-4626-832A-58B50CC1396C}
IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes\{4F7F0E39-C4BE-4626-832A-58B50CC1396C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes\{91E12EF1-474D-460C-A2F7-2222CAB18E11}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes\{D572F157-F436-46C2-8B76-E5E399612BCA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
IE - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=8"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MI78E4~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MI78E4~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ASHLEY (Admin.)\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ASHLEY (Admin.)\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/21 11:57:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 22:28:23 | 000,000,000 | ---D | M]

[2011/08/21 16:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Extensions
[2012/08/06 19:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Firefox\Profiles\vrypo5qb.default\extensions
[2011/10/08 11:08:40 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Firefox\Profiles\vrypo5qb.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012/03/19 13:32:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Firefox\Profiles\vrypo5qb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/04/21 11:57:48 | 000,000,000 | ---D | M] (vshare.tv Community Toolbar) -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Firefox\Profiles\vrypo5qb.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2011/10/05 11:37:28 | 000,000,929 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Mozilla\Firefox\Profiles\vrypo5qb.default\searchplugins\conduit.xml
[2011/08/21 16:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/30 14:09:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/04/21 11:57:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/31 03:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012/04/21 11:57:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 11:57:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/08/05 23:13:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Gaming Mouse Hid] C:\Program Files (x86)\Gaming Mouse\hid.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000..\Run: [MusicManager] C:\Users\ASHLEY (Admin.)\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office Professional 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72C90611-1961-443E-9102-23FDABD339B9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 14:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/08/07 14:47:56 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/08/07 14:30:08 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\Desktop\Vista Registry Edit
[2012/08/07 14:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/07 14:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/07 14:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/07 12:18:38 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\ElevatedDiagnostics
[2012/08/06 21:35:55 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\Desktop\Anti-Virus & Malware ext
[2012/08/06 18:15:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/06 17:18:04 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Malwarebytes
[2012/08/06 17:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/06 17:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/06 17:17:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/06 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/06 14:58:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/05 23:22:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/05 22:57:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/05 22:57:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/05 22:57:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/05 22:57:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/05 22:57:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/05 22:53:26 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\ASHLEY (Admin.)\Desktop\ComboFix.exe
[2012/08/05 12:40:45 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{A62A8ADD-21C2-4956-AEF2-97643F94EF79}
[2012/08/05 12:40:35 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{D1787E86-777E-461A-91E3-B99CE4777F91}
[2012/08/04 12:11:50 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/04 11:23:37 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{3EB8D702-85AD-46F3-88A7-A8E8A8B126DA}
[2012/08/04 11:23:28 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{9B005808-7F1A-4AD4-9C0A-B1675E9CAEB9}
[2012/08/01 11:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/01 11:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/08/01 11:26:54 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\ArcSoft
[2012/08/01 11:26:51 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\HP SureStore Application
[2012/08/01 11:21:50 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{A6AF5BF9-6707-4DED-97EF-CF9AAB9832BF}
[2012/08/01 11:21:40 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{94812D0B-6621-483D-A6E0-E35A52B5C99B}
[2012/07/31 22:31:06 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{58267674-092A-4BB6-9032-424BC63A3B6A}
[2012/07/31 22:30:56 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{94890400-CF65-4C64-A61D-58BB9E5E573E}
[2012/07/24 13:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/24 11:30:11 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{0F20805B-9FF8-4850-88AE-B00C7AFE78B3}
[2012/07/24 11:29:55 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{EE295C1E-2E47-413F-82D4-9CED7B7F6F6B}
[2012/07/23 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{2D584ED4-11CC-40AF-81DA-CED0A4F49232}
[2012/07/23 22:36:35 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{FA0B1081-8AC9-40DA-AA03-1BC72209822C}
[2012/07/23 17:27:54 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/23 10:36:22 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{7DBBA6C0-8C59-4A4F-890F-DC0FA1CB8184}
[2012/07/23 10:36:11 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{2166DEF6-427E-46AF-8A53-9093F51600A9}
[2012/07/22 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{94136B68-A232-4425-8DCF-0FC063B58CFC}
[2012/07/22 15:58:26 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{09D79907-F950-4A59-8427-BEBBE47D8C5D}
[2012/07/21 12:13:03 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C3373312-9AF6-4CD7-B855-B62F39C53169}
[2012/07/21 12:12:53 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{029DCE34-387A-4240-A9B6-AAF602301ADA}
[2012/07/21 00:06:21 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{EFF080B6-F853-4CCF-9EDE-C5AA8E15365B}
[2012/07/21 00:06:11 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{EB905DE6-813E-41E2-BFB2-FABF673B3728}
[2012/07/20 12:05:58 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{72498C43-3BCF-491F-A399-E8B18DD23E99}
[2012/07/20 12:05:49 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{9E8F8BFF-EDE6-47DC-BAD7-170B52E38024}
[2012/07/19 12:58:13 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{E4E0279D-5940-4510-972D-0DBA4ECB9045}
[2012/07/19 12:58:04 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{6CF47B3D-F7F5-4D3E-ACB0-0BF63D1FDEF4}
[2012/07/18 13:25:05 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{E1EA2E56-2E1A-4D79-A95E-65D8E6C9B34F}
[2012/07/18 13:24:31 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{15612DD5-FAAB-4F5E-83E6-9F95F95810F2}
[2012/07/17 12:49:13 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C876F9DA-E585-4EA1-AC27-714ACF2F9BEC}
[2012/07/17 12:49:02 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{E1031043-1914-4F3D-BA69-5B020D9AF557}
[2012/07/16 20:50:44 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C145CDD4-50C4-422E-9D5D-5604CA2795CC}
[2012/07/16 20:50:34 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{EAA304DC-34F1-4236-8872-5F38ED30F235}
[2012/07/15 14:09:18 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{47B25E66-AD4B-44B0-8662-5F427453B9DF}
[2012/07/15 14:09:05 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{857EB0B0-C936-4CC8-AF2C-57C18333AEBC}
[2012/07/15 02:05:25 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{1309ECF8-63B6-441B-92C4-363C0835E67D}
[2012/07/15 02:05:15 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{9B17D21E-660B-48E6-BE0B-03543A240552}
[2012/07/14 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{B2DBB110-BEA7-4CFE-AB0E-7B4CFE970EC8}
[2012/07/14 14:04:34 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C8D8D554-703E-456B-A29D-DA8D9E6D8E25}
[2012/07/13 14:01:02 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{A3CF672B-2FE8-45D9-9970-78A9E192762C}
[2012/07/13 14:00:50 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C59658A6-A670-418B-84AF-59652EF2B287}
[2012/07/12 14:14:48 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{37057AD5-A2C9-44A9-828E-631B02759C8A}
[2012/07/12 14:14:36 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{0194D104-4EAC-4838-89CE-FAC4273BCA18}
[2012/07/11 18:17:10 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2012/07/11 18:17:04 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\Programs
[2012/07/11 18:16:45 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\Deployment
[2012/07/11 18:16:45 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\Apps
[2012/07/11 13:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/07/11 13:49:52 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{DC17E996-2F0E-43DE-9FE9-EE0998BC0B22}
[2012/07/11 13:49:35 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{E64575BC-10A4-4D74-B3A6-44FF3B672126}
[2012/07/10 14:21:58 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{27E22EFD-32B6-40F7-92C4-6A953A242AE0}
[2012/07/10 14:21:43 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{3977B127-5EC0-46E9-A4C7-34464146B8D6}
[2012/07/09 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{900FC53F-0B1F-49CF-BB3F-FE8CF7BF4F74}
[2012/07/09 16:16:39 | 000,000,000 | ---D | C] -- C:\Users\ASHLEY (Admin.)\AppData\Local\{C994C016-79EE-475D-B92E-82DCD667D559}

========== Files - Modified Within 30 Days ==========

[2012/08/07 15:21:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000UA.job
[2012/08/07 15:11:37 | 000,706,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/07 15:11:37 | 000,606,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/07 15:11:37 | 000,105,230 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/07 15:10:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/07 15:05:38 | 000,006,944 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\AppData\Local\d3d9caps.dat
[2012/08/07 15:05:26 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 15:05:26 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 15:05:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/07 15:05:20 | 4294,156,287 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 20:21:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000Core.job
[2012/08/06 17:17:44 | 000,000,989 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/06 17:17:44 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte Anti-Malware.lnk
[2012/08/06 15:27:50 | 000,002,709 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Word 2010.lnk
[2012/08/06 15:27:27 | 000,011,872 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\wklnhst.dat
[2012/08/05 23:13:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/05 22:53:26 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\ASHLEY (Admin.)\Desktop\ComboFix.exe
[2012/08/04 20:49:21 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/04 20:49:21 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/04 20:49:08 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/08/04 19:42:39 | 000,399,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/02 23:05:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/01 11:52:43 | 000,721,626 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/14 14:53:08 | 000,001,843 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk
[2012/07/11 13:51:54 | 000,001,011 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

========== Files Created - No Company Name ==========

[2012/08/07 14:04:33 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 17:17:44 | 000,000,989 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/06 17:17:44 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte Anti-Malware.lnk
[2012/08/05 22:57:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 22:57:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 22:57:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 22:57:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 22:57:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 19:42:17 | 4294,156,287 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/01 11:52:46 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/14 14:53:08 | 000,001,843 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk
[2012/07/14 14:40:33 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/14 14:39:28 | 000,721,626 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/11 18:16:56 | 000,000,948 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000UA.job
[2012/07/11 18:16:56 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400093660-3584223705-3264246961-1000Core.job
[2012/07/11 13:51:54 | 000,001,011 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/05/02 19:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/04/07 12:28:58 | 000,006,944 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\AppData\Local\d3d9caps.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/31 16:29:48 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/06 17:11:56 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/06/30 19:33:33 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\UNWISE32.EXE
[2011/06/05 22:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/31 16:49:55 | 000,004,608 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 16:15:26 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/30 16:15:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/30 16:15:07 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/05/30 13:01:15 | 000,150,211 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/05/30 13:00:49 | 000,011,872 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\wklnhst.dat
[2011/05/30 01:32:26 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/05/30 01:32:13 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/05/30 01:31:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/05/29 19:18:54 | 000,002,188 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\AppData\Local\d3d9caps64.dat
[2011/05/29 17:47:21 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011/05/29 17:01:39 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2011/05/29 17:01:39 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll

========== LOP Check ==========

[2011/10/08 11:08:39 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Complitly
[2011/09/01 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Gaming Mouse
[2012/02/19 19:24:33 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\MW3 FoV Changer
[2012/01/17 15:49:11 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Origin
[2011/05/29 19:11:56 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\PictureMover
[2011/05/30 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Template
[2012/01/11 13:55:07 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\Tific
[2012/06/25 17:55:36 | 000,000,000 | ---D | M] -- C:\Users\ASHLEY (Admin.)\AppData\Roaming\TuneUp Software
[2011/05/29 19:49:21 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/08/07 15:02:54 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    [2012/07/14 14:53:08 | 000,001,843 | ---- | M] () -- C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk
    [2012/08/01 11:52:46 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/14 14:53:08 | 000,001,843 | ---- | C] () -- C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk
    
    
    :Services
    
    :Reg
    
    :Files
    c:\Program Files\Microsoft Security Client
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

See if you can install Kaspersky now.
 
OTL Run Fix Log

All processes killed
========== OTL ==========
Service NisSrv stopped successfully!
Service NisSrv deleted successfully!
c:\Program Files\Microsoft Security Client\NisSrv.exe moved successfully.
Service MsMpSvc stopped successfully!
Service MsMpSvc deleted successfully!
c:\Program Files\Microsoft Security Client\MsMpEng.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSC deleted successfully.
c:\Program Files\Microsoft Security Client\msseces.exe moved successfully.
C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk moved successfully.
File C:\Users\ASHLEY (Admin.)\Desktop\Microsoft Security Essentials.lnk not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\Program Files\Microsoft Security Client\en-us folder moved successfully.
c:\Program Files\Microsoft Security Client folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: ASHLEY (Admin.)
->Temp folder emptied: 2740371 bytes
->Temporary Internet Files folder emptied: 291562636 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1577 bytes

User: ASHLEY~1~)
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser.MOMS-COMPUTER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35542 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3729232 bytes

Total Files Cleaned = 284.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: ASHLEY (Admin.)
->Java cache emptied: 0 bytes

User: ASHLEY~1~)

User: Default

User: Default User

User: Public

User: UpdatusUser

User: UpdatusUser.MOMS-COMPUTER

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: ASHLEY (Admin.)
->Flash cache emptied: 0 bytes

User: ASHLEY~1~)

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: UpdatusUser.MOMS-COMPUTER
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08072012_162755
Files\Folders moved on Reboot...
File\Folder C:\Users\ASHLEY (Admin.)\AppData\Local\Temp\{0B737833-37E0-4CB6-B6A8-0F57C93D2E5E}\fpb.tmp not found!
PendingFileRenameOperations files...
File C:\Users\ASHLEY (Admin.)\AppData\Local\Temp\{0B737833-37E0-4CB6-B6A8-0F57C93D2E5E}\fpb.tmp not found!
Registry entries deleted on Reboot...
 
OK cool ... the ERROR CODE pop up # 0x80070002 seems to be GONE, as well as MSE finally :)

I'll try to install Kaspersky ...

one last hiccup ... I get this pop up on Vista start up ...
[attached screenshot: HailHydraDM.jpg]

... assuming it's got to do with my Video Card / an AMD HD-5770, previously had an nVidia 9800 GTX+ on the machine ... do I maybe need to sweep for leftover nVidia drivers?
 
It looks like some desktop manager from AMD:
O4 - HKU\S-1-5-21-3400093660-3584223705-3264246961-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
Do you need it?
 
I'll have to get back to you on the HydraVision conflict ... not sure I want to just delete it and not have something work in Game with my video card, I can live with that pop-up until I figure it out :) ...

ALSO as for Kaspersky ... looks like it INSTALLED (y) and that MSE is in fact GONE (y)(y)
however, during installation, it said there was conflicting software installed on my system (though it wouldn't list/tell me what they were) and that it would delete/disable said conflicts during installation. Well, it made me reboot three times during installation, and in the end it looks like it DID INSTALL, but doesn't like MALWAREBYTES as it looks like it messed with that program, though from my understanding, it's a great program I should look to maybe somehow keep but not have running at the same time as Kaspersky?
 
MBAM should run with any AV program.
If Kaspersky complains, uninstall MBAM and install the free version, which doesn't run in real time but you can still use it for occasional scanning.

If no other issues...

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Running Kaspersky PURE 2.0 scans right now ...
- FULL Scan = NO THREATS
- Critical Areas Scan = NO THREATS
- Vulnerability Scan = 13 THREATS
Main Threats Recommended to be FIXED (Few others NO Fix "NEEDED".)
- QuickTime Player: File C:\Program Files (x86)\Quicktime\QuicktimePlayer.exe (Detail Fix page on Net / add to exclusions list)
- AutoRun from HDDs allowed
- AutoRun from Network drives enabled
- MS Internet Explorer - disable caching data received via protected channel
- MS Internet Explorer - enable cache autocleanup on browser closing
- Removable media AutoRun is enabled
- CD/DVD AutoRun enabled
- MS Internet Explorer: clear history of typed URLs
- MS Internet Explorer: clear list of pop-up blocker exceptions
- MS Internet Explorer: deleted cookies
- MS Internet Explorer: disable sending error reports
- MS Internet Explorer: start page reset

Oddly ... NO 13th item shows up? Any advice on these?
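Four of the items in the Kaspersky vulnerability scan above (AutoRun from HDDs, network drives, removable media and CD/DVD) are all controlled by one Windows policy value, NoDriveTypeAutoRun, under HKLM and HKCU ...\Policies\Explorer. The following PowerShell script is an added example, not part of this thread and not Kaspersky's or OTL's code: it reads that value from both hives, decodes it bit by bit so you can see exactly which drive types still have AutoRun enabled, and shows the write that would disable AutoRun everywhere. The bit-to-drive-type mapping follows Microsoft's documented numbering; the assumption that an absent value behaves like the well-known default 0x91 is labelled in the code. Run it from an elevated PowerShell prompt on the machine being checked.

```powershell
# Added example (not from the thread): decode the NoDriveTypeAutoRun policy
# that Kaspersky's "AutoRun ... enabled" findings refer to.
# A SET bit DISABLES AutoRun for that drive type; a clear bit leaves it enabled.
# Bit meanings follow Microsoft's documented drive-type numbering.
$driveTypeBits = @{
    0x01 = 'Drives of unknown type'
    0x04 = 'Removable media (USB sticks, floppies)'
    0x08 = 'Fixed drives (HDDs)'
    0x10 = 'Network drives'
    0x20 = 'CD/DVD drives'
    0x40 = 'RAM disks'
    0x80 = 'Drives of unrecognised type (reserved bit)'
}

function Get-AutoRunPolicy {
    # Returns the NoDriveTypeAutoRun value from the given hive, or $null if absent.
    param([string]$Hive)   # 'HKLM' (machine-wide) or 'HKCU' (current user)
    $key  = "${Hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $item = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.NoDriveTypeAutoRun
}

function Show-AutoRunState {
    # Prints one line per drive type, flagging the types where AutoRun is still enabled.
    param([int]$Mask, [string]$Label)
    Write-Host ("{0}: NoDriveTypeAutoRun = 0x{1:X2}" -f $Label, $Mask)
    foreach ($bit in ($driveTypeBits.Keys | Sort-Object)) {
        $state = if ($Mask -band $bit) { 'disabled' } else { 'ENABLED' }
        Write-Host ("  {0,-45} AutoRun {1}" -f $driveTypeBits[$bit], $state)
    }
}

# Machine-wide policy is what a vulnerability scanner normally reports on.
$machine = Get-AutoRunPolicy -Hive 'HKLM'
if ($null -eq $machine) {
    # Assumption (well-known default): with no policy value set, Windows behaves as
    # if 0x91 were in effect (unknown types + network drives disabled, everything else enabled).
    Write-Host 'HKLM policy value absent; assuming the Windows default 0x91'
    $machine = 0x91
}
Show-AutoRunState -Mask $machine -Label 'Machine (HKLM)'

# Per-user policy can only be stricter than the machine policy; show it if present.
$user = Get-AutoRunPolicy -Hive 'HKCU'
if ($null -ne $user) { Show-AutoRunState -Mask $user -Label 'Current user (HKCU)' }

# Remediation that clears all four Kaspersky items at once: 0xFF sets every bit,
# disabling AutoRun for every drive type. Uncomment to apply (requires elevation).
# Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
#     -Name NoDriveTypeAutoRun -Type DWord -Value 0xFF
```

Re-running the decode after the write should show every drive type as "disabled"; rerunning the Kaspersky vulnerability scan afterwards is the independent check that the finding is gone. A plain hashtable rather than an ordered one is used deliberately, because indexing an ordered dictionary with an integer selects by position instead of by key.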
 
OTL Run Fix LOG
==============================
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: ASHLEY (Admin.)
->Temp folder emptied: 230536495 bytes
->Temporary Internet Files folder emptied: 347758382 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 820 bytes

User: ASHLEY~1~)
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser.MOMS-COMPUTER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 274657 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 552.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: ASHLEY (Admin.)
->Flash cache emptied: 0 bytes

User: ASHLEY~1~)

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: UpdatusUser.MOMS-COMPUTER
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: ASHLEY (Admin.)
->Java cache emptied: 0 bytes

User: ASHLEY~1~)

User: Default

User: Default User

User: Public

User: UpdatusUser

User: UpdatusUser.MOMS-COMPUTER

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08072012_193651

Files\Folders moved on Reboot...
C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D3S2MZKC\ads[8].htm moved successfully.
C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\51CI1E53\page-3[1].htm moved successfully.
C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

PendingFileRenameOperations files...
File C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D3S2MZKC\ads[8].htm not found!
File C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\51CI1E53\page-3[1].htm not found!
File C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
File C:\Users\ASHLEY (Admin.)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!

Registry entries deleted on Reboot...
 