Inactive [A] Infected with Trojan:win64/Sirefef.W

[Fantafe]

Iv'e been infected by the worst trojan I've ever come across and I have no idea how to stop it. Not even malwarebytes seems to help. If anyone could help me get rid of this, it would be appreciated.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Fantafe]

I am unable to complete the preliminary removal instructions as I experience the critical error 1 minute reboot before I can complete any scans, same goes for safemode.

 

[Broni]

What Windows version is it?

 

[Fantafe]

Windows 7 64 bit.

 

[Broni]

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

[Fantafe]

Scan result of Farbar Recovery Scan Tool Version: 28-06-2012 02
Ran by SYSTEM at 29-06-2012 13:00:52
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-03-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-03-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418840 2011-03-25] (Intel Corporation)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-03-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2012-06-03] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [307200 2011-06-14] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Spencer\...\Run: [Google Update] "C:\Users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-25] (Google Inc.)
HKLM-x32\...\Winlogon: [Userinit] c:\windows\syswow64\userinit.exe, [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
==================== Services (Whitelisted) ======
2 AdobeActiveFileMonitor9.0; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [1166848 2011-08-31] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-06-03] (Intel(R) Corporation)
2 FPLService; "C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe" [263496 2011-05-05] (HP)
2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680 2011-07-11] (Hewlett-Packard Development Company, L.P.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-22] (Intel Corporation)
========================== Drivers (Whitelisted) =============
3 AMPPAL; C:\Windows\System32\Drivers\AMPPAL.sys [299008 2011-08-08] (Windows (R) Win 7 DDK provider)
3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [299008 2011-08-08] (Windows (R) Win 7 DDK provider)
3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31088 2010-07-28] (CyberLink Corporation)
3 iscFlash; \??\C:\Program Files (x86)\SP55068\iscflashx64.sys [49216 2011-01-19] (Insyde Software)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [367912 2011-11-14] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2011-12-01] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [230952 2012-02-24] (PC Tools)
0 szkg5; C:\Windows\SysWow64\DRIVERS\szkg64.sys [74768 2011-09-26] (iS3 Inc.)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-29 13:00 - 2012-06-29 13:01 - 00000000 ____D C:\FRST
2012-06-29 09:39 - 2012-06-29 09:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9B19F40BF3FF8EF
2012-06-29 08:33 - 2012-06-29 08:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CBC831A7E7F28E6
2012-06-29 08:33 - 2012-06-29 08:33 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\inafbuwk.sys
2012-06-29 08:28 - 2012-06-29 08:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7A74D6661D10C75
2012-06-29 08:25 - 2012-06-29 08:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FC6A5A549ED327F
2012-06-29 08:19 - 2012-06-29 09:40 - 00000280 ____A C:\Windows\setupact.log
2012-06-29 08:19 - 2012-06-29 08:19 - 00000000 ____A C:\Windows\setuperr.log
2012-06-29 08:17 - 2012-06-29 08:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4477EA1352089DB6
2012-06-29 08:10 - 2012-06-29 08:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-29 07:49 - 2012-06-29 07:49 - 00423736 ____A C:\Users\Spencer\Downloads\avgarkt-setup-1.1.0.42.exe
2012-06-29 07:35 - 2012-06-29 07:35 - 00000000 ____D C:\Users\Spencer\Downloads\RootRepeal
2012-06-29 07:34 - 2012-06-29 07:34 - 00464491 ____A C:\Users\Spencer\Downloads\RootRepeal.zip
2012-06-29 07:24 - 2012-06-29 07:24 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-29 07:24 - 2012-06-29 07:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-29 07:24 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-29 07:22 - 2012-06-29 07:22 - 00000000 ____D C:\Users\Spencer\AppData\Local\{8E1FF27C-25AC-4563-8716-39AFD294D7BA}
2012-06-29 02:07 - 2012-06-29 02:07 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-29 01:57 - 2012-06-29 01:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\{135C3BC0-8C88-4D23-AA45-69D89B59D0BF}
2012-06-29 01:45 - 2012-06-29 01:46 - 00000000 ___SD C:\32788R22FWJFW
2012-06-29 01:45 - 2012-06-29 01:46 - 00000000 ____D C:\Windows\erdnt
2012-06-29 01:45 - 2012-06-29 01:46 - 00000000 ____D C:\Qoobox
2012-06-29 01:19 - 2012-06-29 01:19 - 00000000 __SHD C:\found.000
2012-06-29 01:14 - 2012-06-29 01:14 - 00000012 ____A C:\Users\Spencer\Desktop\ff.bat
2012-06-29 00:46 - 2012-01-12 08:28 - 00057976 ___RA (GFI Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-06-29 00:40 - 2012-06-29 00:40 - 00000468 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-06-29 00:40 - 2012-06-29 00:40 - 00000448 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-06-29 00:40 - 2012-06-29 00:40 - 00000424 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-06-29 00:40 - 2012-06-29 00:40 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\SpeedyPC Software
2012-06-29 00:40 - 2012-06-29 00:40 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\DriverCure
2012-06-29 00:31 - 2012-02-24 09:37 - 00092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-06-29 00:31 - 2012-02-24 09:36 - 00230952 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-06-29 00:31 - 2012-02-24 09:35 - 00014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-06-29 00:31 - 2012-02-24 09:31 - 00339608 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-06-29 00:31 - 2012-02-24 09:31 - 00145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-06-29 00:31 - 2011-12-01 15:07 - 01096688 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-06-29 00:31 - 2011-12-01 15:07 - 00453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-06-29 00:31 - 2011-11-14 14:12 - 00367912 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-06-29 00:29 - 2012-06-29 00:31 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\GetRightToGo
2012-06-29 00:09 - 2012-06-29 00:09 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\uvudvcet.sys
2012-06-28 20:14 - 2012-06-28 20:14 - 00000000 ____A C:\Windows\System32\services.exe.663F6946A30AF264
2012-06-28 13:35 - 2012-06-28 13:29 - 02048818 ____A C:\Users\Spencer\Downloads\FakeAVRemover_1.0.0.1019.zip
2012-06-28 11:38 - 2012-06-28 11:38 - 00000000 ____D C:\Users\Spencer\AppData\Local\{250D278D-FF16-428B-8815-F9011650F613}
2012-06-28 11:36 - 2012-06-28 11:42 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-06-28 10:32 - 2012-06-28 10:32 - 00000000 ____D C:\Users\Spencer\AppData\Local\{CA5692FC-94CB-4F5A-9DA8-C3F97D6B4380}
2012-06-28 10:32 - 2012-06-28 10:32 - 00000000 ____D C:\Users\Spencer\AppData\Local\{70058F6F-A1C2-4EB4-86EB-8E02F3340482}
2012-06-28 10:29 - 2012-06-28 10:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E410308AE1589539
2012-06-28 10:19 - 2012-06-29 08:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-28 10:05 - 2012-06-29 01:26 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-28 10:03 - 2012-06-29 08:23 - 00105666 ____A C:\Windows\WindowsUpdate.log
2012-06-28 10:02 - 2012-06-29 01:26 - 00000000 ____D C:\Users\Spencer\Downloads\tdsskiller
2012-06-28 10:02 - 2012-06-28 10:02 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Malwarebytes
2012-06-28 09:59 - 2012-06-28 09:59 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Spencer\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-28 09:55 - 2012-06-28 09:55 - 02109990 ____A C:\Users\Spencer\Downloads\tdsskiller.zip
2012-06-28 09:20 - 2012-06-28 09:20 - 00000000 ____D C:\Users\Spencer\AppData\Local\{4A3C9494-1145-4662-9674-E092966A5A6B}
2012-06-28 09:14 - 2012-06-28 09:14 - 00000000 ____D C:\Users\Spencer\AppData\Local\{E91AB8AA-9AF2-49DD-A55D-36888AC22FC2}
2012-06-27 21:04 - 2012-06-29 01:26 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-27 11:39 - 2012-06-27 11:39 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D87D9047-B88D-43E8-8312-FF8B2FE9AC4A}
2012-06-27 11:39 - 2012-06-27 11:39 - 00000000 ____D C:\Users\Spencer\AppData\Local\{CB4E5EB8-66E1-4A26-9459-DFE02248355F}
2012-06-26 23:10 - 2012-06-26 23:13 - 120952520 ____A (AMD Inc.) C:\Users\Spencer\Downloads\amd_catalyst_11.5b_hotfix_8.85.6rc5_win7_may25.exe
2012-06-26 19:00 - 2012-06-26 19:00 - 00000000 ____D C:\Users\Spencer\AppData\Local\{95BC66A9-CE51-4489-B023-C90BB186C208}
2012-06-26 10:10 - 2012-06-26 10:10 - 00000000 ____D C:\Users\Spencer\AppData\Local\{506DACD5-7047-491E-82F9-6271533E6DB3}
2012-06-25 16:47 - 2012-06-25 16:47 - 00000000 ____D C:\Users\Spencer\Documents\Square Enix
2012-06-25 16:43 - 2012-06-29 01:26 - 00000000 ____D C:\Program Files (x86)\Just Cause 2
2012-06-25 13:28 - 2012-06-25 13:28 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-06-25 10:14 - 2012-06-25 10:14 - 00000000 ____D C:\Users\Spencer\AppData\Local\{86A6C74E-C3F0-4154-A7B3-D68377BA2FB1}
2012-06-25 10:13 - 2012-06-25 10:14 - 00000000 ____D C:\Users\Spencer\AppData\Local\{AFF3C4F7-3111-455D-BD54-06807FF6D09B}
2012-06-24 21:31 - 2012-06-24 21:31 - 00000000 ____D C:\Users\Spencer\AppData\Local\{B029511B-16ED-4689-A9EB-E0993E306109}
2012-06-24 21:31 - 2012-06-24 21:31 - 00000000 ____D C:\Users\Spencer\AppData\Local\{3CA2EEEE-1312-4A1C-B71E-335ECAACD9D6}
2012-06-24 17:47 - 2012-06-24 17:47 - 00000000 ____D C:\Users\Spencer\AppData\Local\{51547516-DED5-4122-BE2F-284505CD3597}
2012-06-23 00:22 - 2012-06-23 00:22 - 00000000 ____D C:\Users\Spencer\AppData\Local\{894CFFB3-D61B-4F5E-94FF-4DE5C3A1EB00}
2012-06-23 00:22 - 2012-06-23 00:22 - 00000000 ____D C:\Users\Spencer\AppData\Local\{2AE42F09-B4E6-4622-B4CF-7F33966FD455}
2012-06-22 10:37 - 2012-06-22 10:37 - 00000000 ____D C:\Users\Spencer\AppData\Local\{563AF5DF-471A-4D7B-B92E-47ACD2F18686}
2012-06-22 10:36 - 2012-06-22 10:37 - 00000000 ____D C:\Users\Spencer\AppData\Local\{7E6E0ED5-66BE-4EA0-8E1F-7EE2EA6852BB}
2012-06-21 23:27 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 23:27 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 23:27 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 23:27 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 23:27 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 23:27 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 23:27 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 23:27 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 23:27 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 20:47 - 2012-06-21 20:48 - 00000000 ____D C:\Users\Spencer\AppData\Local\{1F2962E5-7C69-4631-9D66-034A9A84CAEF}
2012-06-21 20:47 - 2012-06-21 20:47 - 00000000 ____D C:\Users\Spencer\AppData\Local\{A3609FCA-BA64-4A37-8E5D-AA974B2D13B2}
2012-06-21 11:33 - 2012-06-21 11:33 - 00000000 ____D C:\Users\Spencer\AppData\Local\{E8C6044C-8C53-4B3E-A348-F250021A6C97}
2012-06-20 20:52 - 2012-06-20 20:52 - 00000000 ____D C:\Users\Spencer\AppData\Local\{E70B6F8D-6796-4B3B-B193-EE36203C8CE1}
2012-06-20 20:52 - 2012-06-20 20:52 - 00000000 ____D C:\Users\Spencer\AppData\Local\{30326932-140C-4E8D-9EAD-8A52B1B6D314}
2012-06-20 08:52 - 2012-06-20 08:52 - 00000000 ____D C:\Users\Spencer\AppData\Local\{DF395437-8A1D-4C0E-8409-0867C182F2FC}
2012-06-20 08:52 - 2012-06-20 08:52 - 00000000 ____D C:\Users\Spencer\AppData\Local\{A3CEBD28-0F22-4C88-AF72-411C725943EE}
2012-06-20 06:58 - 2012-06-20 06:58 - 00000000 ____D C:\Users\Spencer\AppData\Local\{CE671D1E-5844-4C6E-B74C-C2CE75F805E2}
2012-06-19 18:57 - 2012-06-19 18:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\{AE186B93-9FC4-4309-9211-5D54DF0A2D1C}
2012-06-19 18:56 - 2012-06-19 18:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\{62A8B2BF-2EFE-46DF-A4AD-4050EFED1C29}
2012-06-19 06:56 - 2012-06-19 06:56 - 00000000 ____D C:\Users\Spencer\AppData\Local\{4DD42464-9529-413D-8D92-849DC376DAA5}
2012-06-19 06:56 - 2012-06-19 06:56 - 00000000 ____D C:\Users\Spencer\AppData\Local\{3285CF79-6466-48DB-82BF-92D7B79936DB}
2012-06-19 05:43 - 2012-06-19 05:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{035CD97A-9B97-4453-9B09-EEDBE05C24DF}
2012-06-18 14:15 - 2012-06-18 14:15 - 00000000 ____D C:\Users\Spencer\AppData\Local\{0AFC6201-16A4-4D41-A29E-B37F379EE342}
2012-06-17 11:26 - 2012-06-17 11:27 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D81814EA-4643-4C6E-B595-421AE21A4D45}
2012-06-16 23:26 - 2012-06-16 23:26 - 00000000 ____D C:\Users\Spencer\AppData\Local\{FAEF7F82-DB0C-47A4-90B2-818ACCEB7929}
2012-06-16 16:57 - 2012-06-16 16:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\{5E4B5238-C278-44B3-B4B7-7D25B3A58C28}
2012-06-16 16:14 - 2012-06-16 16:14 - 00000000 ____D C:\Users\Spencer\AppData\Local\{E47795FB-F170-4D77-A587-5869CF892B3D}
2012-06-16 02:37 - 2012-06-16 02:37 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\IDT
2012-06-16 00:57 - 2011-08-22 21:21 - 00983920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-06-16 00:57 - 2011-08-22 21:21 - 00265072 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-06-16 00:55 - 2011-06-09 21:32 - 00246784 ____A (Microsoft Corporation) C:\Windows\System32\input.dll
2012-06-16 00:55 - 2011-06-09 20:30 - 00202240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2012-06-16 00:55 - 2011-06-09 14:57 - 00419744 ____A C:\Windows\SysWOW64\locale.nls
2012-06-16 00:55 - 2011-06-09 14:55 - 00419744 ____A C:\Windows\System32\locale.nls
2012-06-16 00:54 - 2011-02-24 22:25 - 00296320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-06-15 10:44 - 2012-06-15 10:44 - 00000000 ____D C:\Users\Spencer\AppData\Local\{A446AD4A-EAFC-4E09-9858-D2D7A24FE9C8}
2012-06-14 12:39 - 2012-06-14 12:40 - 00000000 ____D C:\Users\Spencer\AppData\Local\Microsoft Games
2012-06-14 08:32 - 2012-06-14 08:32 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-14 08:32 - 2012-06-14 08:32 - 00000000 ____D C:\Users\Spencer\AppData\Local\{4980BF72-8192-40D2-A454-C7F3C58336FD}
2012-06-14 08:32 - 2012-06-14 08:32 - 00000000 ____D C:\Users\Spencer\AppData\Local\{0632FA41-D6B1-48FD-BDF1-06B3471D367D}
2012-06-13 15:58 - 2012-06-13 15:59 - 31961789 ____A C:\Users\Spencer\Downloads\SCP - Containment Breach v0.2.zip
2012-06-13 11:01 - 2012-06-13 11:01 - 00000000 ____D C:\Users\Spencer\AppData\Local\{EA2B879C-8611-4578-A5A7-6CD4BCC2B945}
2012-06-13 11:01 - 2012-06-13 11:01 - 00000000 ____D C:\Users\Spencer\AppData\Local\{245D85D1-3999-48A9-B978-8E0AA254B67D}
2012-06-13 08:42 - 2012-06-13 08:42 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D62E766A-74CF-46EF-AF12-D31F871994AA}
2012-06-13 06:37 - 2012-06-13 06:37 - 00000000 ____D C:\Users\Spencer\AppData\Local\{4EDB1A38-BA78-4BFB-AA2A-2695A2C06D62}
2012-06-12 22:20 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 22:20 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 22:20 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-12 22:20 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 22:20 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 22:20 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-12 22:20 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 22:20 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 22:20 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 22:20 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-12 22:20 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 22:20 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 22:20 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 22:20 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 22:20 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 22:20 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 22:20 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-12 22:20 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 22:20 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-12 22:20 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 22:20 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 22:20 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 22:20 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 22:20 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-12 22:20 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 22:20 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 22:20 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 22:20 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 17:36 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 17:36 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 17:36 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 17:36 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 17:36 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 17:36 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 17:36 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 17:36 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 17:36 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 17:36 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 17:36 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 17:36 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 17:36 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 17:36 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 17:36 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 17:36 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 17:36 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-12 17:29 - 2012-06-12 17:30 - 00000000 ____D C:\Users\Spencer\AppData\Local\{CAA0EB32-59B3-4F92-BCFE-7788B74F498B}
2012-06-12 17:29 - 2012-06-12 17:29 - 00000000 ____D C:\Users\Spencer\AppData\Local\{13CFF145-2C81-4D0A-BEE4-8B0BF62CCF80}
2012-06-11 18:57 - 2012-06-11 18:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\{341C9F61-D320-4D9A-8527-DB040D734EEF}
2012-06-11 18:56 - 2012-06-11 18:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\{0135131E-A642-452B-95D4-3A8DB7D479D3}
2012-06-10 20:43 - 2012-06-10 20:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D52A0C3F-EFA5-4AD4-910F-7D96C660E659}
2012-06-10 20:43 - 2012-06-10 20:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{65D80D19-184F-46AF-BD03-E97DDCF9A4D1}
2012-06-10 09:10 - 2012-06-10 09:10 - 00000000 ____D C:\Program Files (x86)\Valve
2012-06-10 09:09 - 2012-06-10 20:35 - 00000000 ____D C:\Program Files (x86)\Portal
2012-06-09 22:09 - 2012-06-09 22:09 - 00000000 ____D C:\Users\Spencer\AppData\Local\{DC4BC813-5829-4ECD-8469-6D4DBA5973AC}
2012-06-09 22:09 - 2012-06-09 22:09 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D6AD59BA-B78E-43C9-A9DE-1A7B8CE736D3}
2012-06-09 14:28 - 2012-06-09 14:28 - 00000000 ____D C:\Users\Spencer\AppData\Local\{FA8091ED-8701-4F06-85C5-67B2F1F860D1}
2012-06-08 18:19 - 2012-06-08 18:19 - 00000000 ____D C:\Users\Spencer\AppData\Local\{EF146CAE-8A0F-4832-90AE-EA27C06E25DB}
2012-06-08 18:19 - 2012-06-08 18:19 - 00000000 ____D C:\Users\Spencer\AppData\Local\{3BE3E7E5-2900-4C88-9AE2-C5932CBE9E52}
2012-06-08 15:51 - 2012-06-08 15:51 - 00000000 ____D C:\Users\Spencer\AppData\Local\{322FE8E1-B3A8-4DDC-BF34-262EA7E63EE4}
2012-06-07 15:26 - 2012-06-07 15:26 - 00000000 ____D C:\Windows\Sun
2012-06-07 15:03 - 2012-06-07 15:03 - 00000000 ____D C:\Users\Spencer\AppData\Local\{9DEE8E62-6A5F-4240-9F5C-A098D885791E}
2012-06-07 15:02 - 2012-06-07 15:02 - 00000000 ____D C:\Users\Spencer\AppData\Local\{6E62EEFE-C1C8-4327-BB0F-2BD74FABFEAE}
2012-06-06 17:59 - 2012-06-10 20:36 - 00000000 ____D C:\Users\Spencer\AppData\Local\SKIDROW
2012-06-06 15:26 - 2012-06-06 15:26 - 00000512 ____A C:\Users\Spencer\Documents\cc_20120606_162616.reg
2012-06-06 15:25 - 2012-06-06 15:25 - 00136628 ____A C:\Users\Spencer\Documents\cc_20120606_162551.reg
2012-06-06 15:24 - 2012-06-06 15:25 - 01835836 ____A C:\Users\Spencer\Documents\cc_20120606_162435.reg
2012-06-06 14:49 - 2012-06-06 14:50 - 00000000 ____D C:\Users\Spencer\AppData\Local\{03C5D34B-CC13-46FC-BC9F-F5C1AA41AB53}
2012-06-06 14:49 - 2012-06-06 14:49 - 00000000 ____D C:\Users\Spencer\AppData\Local\{2F68204B-0D58-43F1-A156-AA3822813BCC}
2012-06-06 14:49 - 2012-06-06 14:49 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-06-05 14:05 - 2012-06-05 14:06 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D224E1AD-2065-46E9-BD4E-2CF095705F77}
2012-06-05 14:05 - 2012-06-05 14:05 - 00000000 ____D C:\Users\Spencer\AppData\Local\{3663162E-69FC-4C96-9688-D8ACF6AF1ED7}
2012-06-04 06:38 - 2012-06-04 06:38 - 00000000 ____D C:\Users\Spencer\AppData\Local\{24E7C519-7B02-4AD8-BDEE-10C472421EDE}
2012-06-03 19:16 - 2012-06-03 19:16 - 00000000 ____D C:\Users\Spencer\Documents\My Spore Creations
2012-06-03 13:42 - 2012-06-03 13:42 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-03 13:42 - 2012-06-03 13:42 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-03 13:42 - 2012-06-03 13:42 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-03 13:42 - 2012-06-03 13:42 - 00000000 ____D C:\Program Files\Java
2012-06-03 11:36 - 2012-06-03 13:42 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-03 11:36 - 2012-06-03 13:42 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-03 11:35 - 2012-06-21 22:37 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\SPORE
2012-06-03 11:26 - 2012-06-03 11:26 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-03 11:26 - 2012-04-04 17:47 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-06-03 11:25 - 2012-06-03 11:25 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-03 11:25 - 2012-06-03 11:25 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-03 11:25 - 2012-06-03 11:25 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-03 11:25 - 2012-04-04 17:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-03 11:25 - 2012-04-04 17:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-03 10:40 - 2012-06-24 23:05 - 00000000 ____D C:\Users\Spencer\Documents\Youcam
2012-06-03 10:40 - 2012-06-03 10:40 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\CyberLink
2012-06-03 10:40 - 2012-06-03 10:40 - 00000000 ____D C:\Users\Spencer\AppData\Local\CyberLink
2012-06-03 10:40 - 2012-06-03 10:40 - 00000000 ____D C:\Users\Public\CyberLink
2012-06-03 10:39 - 2011-08-02 10:56 - 00002139 ____A C:\Users\Spencer\Desktop\Skype.lnk
2012-06-03 10:26 - 2012-06-03 10:26 - 00000000 ____D C:\Users\Spencer\AppData\Local\{EF227401-B70E-4E97-8331-0CC911DAAE75}
2012-06-03 10:25 - 2012-06-03 10:26 - 00000000 ____D C:\Users\Spencer\AppData\Local\{FBE87082-AB55-41AC-80A0-80D9CD57B797}
2012-06-03 10:23 - 2012-06-03 10:23 - 00000000 ____D C:\Users\Spencer\AppData\Local\{4694EF5A-B4C1-4795-9202-B363C6DD495D}
2012-06-03 10:22 - 2012-06-03 10:22 - 00000000 ____D C:\Users\Spencer\AppData\Local\{9CA8109A-47EE-48AA-A0D6-1786D29C4E84}
2012-06-03 00:39 - 2012-06-03 00:38 - 09888360 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2012-06-03 00:37 - 2012-06-03 00:37 - 00000000 ____D C:\Program Files (x86)\Cisco
2012-06-03 00:35 - 2012-06-03 00:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2012-06-03 00:34 - 2012-06-03 00:34 - 08604672 ____A (Intel Corporation) C:\Windows\System32\Drivers\NETwNs64.sys
2012-06-03 00:33 - 2012-06-03 00:33 - 00208896 ____A (Renesas Electronics Corporation) C:\Windows\System32\Drivers\nusb3xhc.sys
2012-06-03 00:33 - 2012-06-03 00:33 - 00091648 ____A (Renesas Electronics Corporation) C:\Windows\System32\Drivers\nusb3hub.sys
2012-06-03 00:33 - 2012-06-03 00:33 - 00081920 ____A (Renesas Electronics Corporation) C:\Windows\System32\nusb3co2.dll
2012-06-03 00:26 - 2012-06-03 00:26 - 00000000 ____D C:\Windows\en
2012-06-02 20:43 - 2012-06-02 20:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{ED86A45E-89B8-4B8E-B722-4E7722EC3BA5}
2012-06-02 20:43 - 2012-06-02 20:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{C2784EF6-4BC1-49BD-AFD6-5FA085F4B0EF}
2012-06-02 20:41 - 2012-06-02 20:41 - 00000000 ____D C:\Users\Spencer\AppData\Local\{30CFF8C6-DDB6-4C3F-BCA6-4840A70E8710}
2012-05-31 21:24 - 2012-05-31 21:24 - 00000000 ____D C:\Users\Spencer\Documents\Rockstar Games
2012-05-31 21:15 - 2012-05-31 21:15 - 00000000 ____D C:\Users\Spencer\AppData\Local\{660BA909-5783-46AB-9D0F-83FC87120F30}
2012-05-31 21:15 - 2012-05-31 21:15 - 00000000 ____D C:\Users\Spencer\AppData\Local\{287CB07D-B3EF-4B69-8AC3-B1598CCDEF94}
2012-05-31 17:29 - 2012-05-31 17:30 - 00000000 ____D C:\Users\Spencer\AppData\Local\{3B92E555-D1EE-415E-A16F-15A50FAC006E}
2012-05-31 17:29 - 2012-05-31 17:29 - 00000000 ____D C:\Users\Spencer\AppData\Local\{F5244E88-EC9F-42E8-A232-7390A171A1DD}
2012-05-31 14:13 - 2012-05-31 14:13 - 00000000 ____D C:\Users\Spencer\AppData\Local\{778CAE1B-800F-4146-B64E-D5EEDF7DC5C5}
2012-05-31 14:12 - 2012-05-31 14:13 - 00000000 ____D C:\Users\Spencer\AppData\Local\{6430E8B4-C54F-452C-9B95-23F6F3D1B681}
2012-05-31 12:28 - 2012-05-31 12:29 - 00000000 ____D C:\Users\Spencer\AppData\Local\{5A8A89A9-E58B-42A2-89C3-0471F94E7BBA}
2012-05-31 12:28 - 2012-05-31 12:28 - 00000000 ____D C:\Users\Spencer\AppData\Local\{F66A16E5-E28D-4FFA-9BC1-0F0883D1EFFE}
2012-05-31 12:27 - 2012-06-29 08:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-31 12:27 - 2012-06-14 08:32 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-30 16:33 - 2012-05-30 16:33 - 00000000 ____D C:\Users\Spencer\AppData\Local\{BB2A9655-41BF-4C5A-A472-C4C9A391FD95}
2012-05-30 16:32 - 2012-05-30 16:33 - 00000000 ____D C:\Users\Spencer\AppData\Local\{174421FB-2AA7-4B01-8154-70ED80BD739E}
2012-05-30 06:46 - 2012-05-30 06:46 - 00000000 ____D C:\Users\Spencer\AppData\Local\{B89D7705-9877-481B-87D9-49B6AC246E87}
2012-05-30 06:26 - 2012-05-30 06:26 - 00000000 ____D C:\Users\Spencer\AppData\Local\{76493B02-C56E-42EA-9588-AC55EFB29ACF}
2012-05-30 06:25 - 2012-05-30 06:26 - 00000000 ____D C:\Users\Spencer\AppData\Local\{6CD9BB50-B297-423B-B873-9C5BBB0541AB}
============ 3 Months Modified Files and Folders =============
2012-06-29 13:01 - 2012-06-29 13:00 - 00000000 ____D C:\FRST
2012-06-29 09:41 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-29 09:40 - 2012-06-29 08:19 - 00000280 ____A C:\Windows\setupact.log
2012-06-29 09:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-29 09:39 - 2012-06-29 09:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9B19F40BF3FF8EF
2012-06-29 08:33 - 2012-06-29 08:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CBC831A7E7F28E6
2012-06-29 08:33 - 2012-06-29 08:33 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\inafbuwk.sys
2012-06-29 08:32 - 2012-05-23 19:06 - 00346112 __ASH C:\Users\Spencer\Desktop\Thumbs.db
2012-06-29 08:28 - 2012-06-29 08:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7A74D6661D10C75
2012-06-29 08:25 - 2012-06-29 08:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FC6A5A549ED327F
2012-06-29 08:23 - 2012-06-28 10:03 - 00105666 ____A C:\Windows\WindowsUpdate.log
2012-06-29 08:23 - 2009-07-13 21:13 - 00794072 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-29 08:19 - 2012-06-29 08:19 - 00000000 ____A C:\Windows\setuperr.log
2012-06-29 08:17 - 2012-06-29 08:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4477EA1352089DB6
2012-06-29 08:17 - 2012-05-31 12:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-29 08:15 - 2010-04-22 05:12 - 00000000 ____D C:\Users\Spencer\AppData\Local\CrashDumps
2012-06-29 08:14 - 2012-05-23 21:32 - 00000979 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-29 08:10 - 2012-06-29 08:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-29 08:10 - 2012-06-28 10:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-29 08:10 - 2012-05-22 18:54 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-29 08:10 - 2012-05-22 18:53 - 00808222 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-29 07:58 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-29 07:58 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-29 07:49 - 2012-06-29 07:49 - 00423736 ____A C:\Users\Spencer\Downloads\avgarkt-setup-1.1.0.42.exe
2012-06-29 07:35 - 2012-06-29 07:35 - 00000000 ____D C:\Users\Spencer\Downloads\RootRepeal
2012-06-29 07:34 - 2012-06-29 07:34 - 00464491 ____A C:\Users\Spencer\Downloads\RootRepeal.zip
2012-06-29 07:32 - 2012-05-25 15:27 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2633730853-1098832519-2509257754-1000UA.job
2012-06-29 07:24 - 2012-06-29 07:24 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-29 07:24 - 2012-06-29 07:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-29 07:22 - 2012-06-29 07:22 - 00000000 ____D C:\Users\Spencer\AppData\Local\{8E1FF27C-25AC-4563-8716-39AFD294D7BA}
2012-06-29 03:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-29 02:07 - 2012-06-29 02:07 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-29 01:57 - 2012-06-29 01:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\{135C3BC0-8C88-4D23-AA45-69D89B59D0BF}
2012-06-29 01:46 - 2012-06-29 01:45 - 00000000 ___SD C:\32788R22FWJFW
2012-06-29 01:46 - 2012-06-29 01:45 - 00000000 ____D C:\Windows\erdnt
2012-06-29 01:46 - 2012-06-29 01:45 - 00000000 ____D C:\Qoobox
2012-06-29 01:26 - 2012-06-28 10:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-29 01:26 - 2012-06-28 10:02 - 00000000 ____D C:\Users\Spencer\Downloads\tdsskiller
2012-06-29 01:26 - 2012-06-27 21:04 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-29 01:26 - 2012-06-25 16:43 - 00000000 ____D C:\Program Files (x86)\Just Cause 2
2012-06-29 01:26 - 2012-05-27 23:12 - 00000000 ____D C:\Program Files (x86)\MW3
2012-06-29 01:26 - 2012-05-26 23:47 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\IMVUClient
2012-06-29 01:26 - 2012-05-25 16:54 - 00000000 ___RD C:\Users\Spencer\Games
2012-06-29 01:26 - 2012-05-25 16:28 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\vlc
2012-06-29 01:26 - 2012-05-25 15:21 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-29 01:26 - 2012-05-23 21:32 - 00000000 ____D C:\Program Files\CCleaner
2012-06-29 01:26 - 2011-10-27 00:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2012-06-29 01:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-29 01:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-29 01:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-29 01:25 - 2012-05-28 02:24 - 00000000 ____D C:\Users\Spencer\Documents\Penumbra
2012-06-29 01:25 - 2012-05-27 02:37 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\.minecraft
2012-06-29 01:24 - 2012-05-23 14:28 - 00000000 ____D C:\AMD
2012-06-29 01:19 - 2012-06-29 01:19 - 00000000 __SHD C:\found.000
2012-06-29 01:14 - 2012-06-29 01:14 - 00000012 ____A C:\Users\Spencer\Desktop\ff.bat
2012-06-29 00:40 - 2012-06-29 00:40 - 00000468 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-06-29 00:40 - 2012-06-29 00:40 - 00000448 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-06-29 00:40 - 2012-06-29 00:40 - 00000424 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-06-29 00:40 - 2012-06-29 00:40 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\SpeedyPC Software
2012-06-29 00:40 - 2012-06-29 00:40 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\DriverCure
2012-06-29 00:31 - 2012-06-29 00:29 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\GetRightToGo
2012-06-29 00:28 - 2010-04-21 23:54 - 00000000 ____D C:\users\Spencer
2012-06-29 00:09 - 2012-06-29 00:09 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\uvudvcet.sys
2012-06-28 20:14 - 2012-06-28 20:14 - 00000000 ____A C:\Windows\System32\services.exe.663F6946A30AF264
2012-06-28 13:29 - 2012-06-28 13:35 - 02048818 ____A C:\Users\Spencer\Downloads\FakeAVRemover_1.0.0.1019.zip
2012-06-28 12:30 - 2012-05-25 06:29 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\uTorrent
2012-06-28 12:00 - 2011-10-27 01:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-28 11:42 - 2012-06-28 11:36 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-06-28 11:38 - 2012-06-28 11:38 - 00000000 ____D C:\Users\Spencer\AppData\Local\{250D278D-FF16-428B-8815-F9011650F613}
2012-06-28 11:20 - 2012-05-22 18:12 - 00000000 __SHD C:\Users\Spencer\AppData\Local\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}
2012-06-28 10:32 - 2012-06-28 10:32 - 00000000 ____D C:\Users\Spencer\AppData\Local\{CA5692FC-94CB-4F5A-9DA8-C3F97D6B4380}
2012-06-28 10:32 - 2012-06-28 10:32 - 00000000 ____D C:\Users\Spencer\AppData\Local\{70058F6F-A1C2-4EB4-86EB-8E02F3340482}
2012-06-28 10:32 - 2012-05-22 21:10 - 00000000 ____D C:\Users\Spencer\AppData\Local\Windows Live
2012-06-28 10:29 - 2012-06-28 10:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E410308AE1589539
2012-06-28 10:02 - 2012-06-28 10:02 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Malwarebytes
2012-06-28 09:59 - 2012-06-28 09:59 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Spencer\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-28 09:55 - 2012-06-28 09:55 - 02109990 ____A C:\Users\Spencer\Downloads\tdsskiller.zip
2012-06-28 09:20 - 2012-06-28 09:20 - 00000000 ____D C:\Users\Spencer\AppData\Local\{4A3C9494-1145-4662-9674-E092966A5A6B}
2012-06-28 09:14 - 2012-06-28 09:14 - 00000000 ____D C:\Users\Spencer\AppData\Local\{E91AB8AA-9AF2-49DD-A55D-36888AC22FC2}
2012-06-27 20:08 - 2012-05-26 23:47 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\IMVU
2012-06-27 15:32 - 2012-05-25 15:27 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2633730853-1098832519-2509257754-1000Core.job
2012-06-27 11:39 - 2012-06-27 11:39 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D87D9047-B88D-43E8-8312-FF8B2FE9AC4A}
2012-06-27 11:39 - 2012-06-27 11:39 - 00000000 ____D C:\Users\Spencer\AppData\Local\{CB4E5EB8-66E1-4A26-9459-DFE02248355F}
2012-06-26 23:13 - 2012-06-26 23:10 - 120952520 ____A (AMD Inc.) C:\Users\Spencer\Downloads\amd_catalyst_11.5b_hotfix_8.85.6rc5_win7_may25.exe
2012-06-26 19:00 - 2012-06-26 19:00 - 00000000 ____D C:\Users\Spencer\AppData\Local\{95BC66A9-CE51-4489-B023-C90BB186C208}
2012-06-26 10:10 - 2012-06-26 10:10 - 00000000 ____D C:\Users\Spencer\AppData\Local\{506DACD5-7047-491E-82F9-6271533E6DB3}
2012-06-25 16:47 - 2012-06-25 16:47 - 00000000 ____D C:\Users\Spencer\Documents\Square Enix
2012-06-25 13:28 - 2012-06-25 13:28 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-06-25 10:14 - 2012-06-25 10:14 - 00000000 ____D C:\Users\Spencer\AppData\Local\{86A6C74E-C3F0-4154-A7B3-D68377BA2FB1}
2012-06-25 10:14 - 2012-06-25 10:13 - 00000000 ____D C:\Users\Spencer\AppData\Local\{AFF3C4F7-3111-455D-BD54-06807FF6D09B}
2012-06-24 23:05 - 2012-06-03 10:40 - 00000000 ____D C:\Users\Spencer\Documents\Youcam
2012-06-24 21:57 - 2012-05-22 21:18 - 00000000 ____D C:\Users\Spencer\School
2012-06-24 21:31 - 2012-06-24 21:31 - 00000000 ____D C:\Users\Spencer\AppData\Local\{B029511B-16ED-4689-A9EB-E0993E306109}
2012-06-24 21:31 - 2012-06-24 21:31 - 00000000 ____D C:\Users\Spencer\AppData\Local\{3CA2EEEE-1312-4A1C-B71E-335ECAACD9D6}
2012-06-24 17:47 - 2012-06-24 17:47 - 00000000 ____D C:\Users\Spencer\AppData\Local\{51547516-DED5-4122-BE2F-284505CD3597}
2012-06-23 17:13 - 2012-05-22 22:23 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForSpencer.job
2012-06-23 00:22 - 2012-06-23 00:22 - 00000000 ____D C:\Users\Spencer\AppData\Local\{894CFFB3-D61B-4F5E-94FF-4DE5C3A1EB00}
2012-06-23 00:22 - 2012-06-23 00:22 - 00000000 ____D C:\Users\Spencer\AppData\Local\{2AE42F09-B4E6-4622-B4CF-7F33966FD455}
2012-06-22 10:37 - 2012-06-22 10:37 - 00000000 ____D C:\Users\Spencer\AppData\Local\{563AF5DF-471A-4D7B-B92E-47ACD2F18686}
2012-06-22 10:37 - 2012-06-22 10:36 - 00000000 ____D C:\Users\Spencer\AppData\Local\{7E6E0ED5-66BE-4EA0-8E1F-

 

[Fantafe]

7EE2EA6852BB}
2012-06-21 22:37 - 2012-06-03 11:35 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\SPORE
2012-06-21 20:48 - 2012-06-21 20:47 - 00000000 ____D C:\Users\Spencer\AppData\Local\{1F2962E5-7C69-4631-9D66-034A9A84CAEF}
2012-06-21 20:47 - 2012-06-21 20:47 - 00000000 ____D C:\Users\Spencer\AppData\Local\{A3609FCA-BA64-4A37-8E5D-AA974B2D13B2}
2012-06-21 11:33 - 2012-06-21 11:33 - 00000000 ____D C:\Users\Spencer\AppData\Local\{E8C6044C-8C53-4B3E-A348-F250021A6C97}
2012-06-20 20:52 - 2012-06-20 20:52 - 00000000 ____D C:\Users\Spencer\AppData\Local\{E70B6F8D-6796-4B3B-B193-EE36203C8CE1}
2012-06-20 20:52 - 2012-06-20 20:52 - 00000000 ____D C:\Users\Spencer\AppData\Local\{30326932-140C-4E8D-9EAD-8A52B1B6D314}
2012-06-20 08:52 - 2012-06-20 08:52 - 00000000 ____D C:\Users\Spencer\AppData\Local\{DF395437-8A1D-4C0E-8409-0867C182F2FC}
2012-06-20 08:52 - 2012-06-20 08:52 - 00000000 ____D C:\Users\Spencer\AppData\Local\{A3CEBD28-0F22-4C88-AF72-411C725943EE}
2012-06-20 06:58 - 2012-06-20 06:58 - 00000000 ____D C:\Users\Spencer\AppData\Local\{CE671D1E-5844-4C6E-B74C-C2CE75F805E2}
2012-06-19 18:57 - 2012-06-19 18:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\{AE186B93-9FC4-4309-9211-5D54DF0A2D1C}
2012-06-19 18:57 - 2012-06-19 18:56 - 00000000 ____D C:\Users\Spencer\AppData\Local\{62A8B2BF-2EFE-46DF-A4AD-4050EFED1C29}
2012-06-19 06:56 - 2012-06-19 06:56 - 00000000 ____D C:\Users\Spencer\AppData\Local\{4DD42464-9529-413D-8D92-849DC376DAA5}
2012-06-19 06:56 - 2012-06-19 06:56 - 00000000 ____D C:\Users\Spencer\AppData\Local\{3285CF79-6466-48DB-82BF-92D7B79936DB}
2012-06-19 05:43 - 2012-06-19 05:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{035CD97A-9B97-4453-9B09-EEDBE05C24DF}
2012-06-18 14:15 - 2012-06-18 14:15 - 00000000 ____D C:\Users\Spencer\AppData\Local\{0AFC6201-16A4-4D41-A29E-B37F379EE342}
2012-06-17 11:27 - 2012-06-17 11:26 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D81814EA-4643-4C6E-B595-421AE21A4D45}
2012-06-16 23:26 - 2012-06-16 23:26 - 00000000 ____D C:\Users\Spencer\AppData\Local\{FAEF7F82-DB0C-47A4-90B2-818ACCEB7929}
2012-06-16 16:57 - 2012-06-16 16:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\{5E4B5238-C278-44B3-B4B7-7D25B3A58C28}
2012-06-16 16:14 - 2012-06-16 16:14 - 00000000 ____D C:\Users\Spencer\AppData\Local\{E47795FB-F170-4D77-A587-5869CF892B3D}
2012-06-16 02:37 - 2012-06-16 02:37 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\IDT
2012-06-16 00:59 - 2011-08-02 10:46 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-06-15 11:12 - 2012-05-26 09:37 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V
2012-06-15 10:44 - 2012-06-15 10:44 - 00000000 ____D C:\Users\Spencer\AppData\Local\{A446AD4A-EAFC-4E09-9858-D2D7A24FE9C8}
2012-06-14 12:40 - 2012-06-14 12:39 - 00000000 ____D C:\Users\Spencer\AppData\Local\Microsoft Games
2012-06-14 12:36 - 2012-05-27 23:21 - 00007595 ____A C:\Users\Spencer\AppData\Local\Resmon.ResmonCfg
2012-06-14 08:32 - 2012-06-14 08:32 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-14 08:32 - 2012-06-14 08:32 - 00000000 ____D C:\Users\Spencer\AppData\Local\{4980BF72-8192-40D2-A454-C7F3C58336FD}
2012-06-14 08:32 - 2012-06-14 08:32 - 00000000 ____D C:\Users\Spencer\AppData\Local\{0632FA41-D6B1-48FD-BDF1-06B3471D367D}
2012-06-14 08:32 - 2012-05-31 12:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-14 08:32 - 2011-08-02 10:49 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-13 15:59 - 2012-06-13 15:58 - 31961789 ____A C:\Users\Spencer\Downloads\SCP - Containment Breach v0.2.zip
2012-06-13 11:01 - 2012-06-13 11:01 - 00000000 ____D C:\Users\Spencer\AppData\Local\{EA2B879C-8611-4578-A5A7-6CD4BCC2B945}
2012-06-13 11:01 - 2012-06-13 11:01 - 00000000 ____D C:\Users\Spencer\AppData\Local\{245D85D1-3999-48A9-B978-8E0AA254B67D}
2012-06-13 08:53 - 2012-05-25 18:00 - 00000000 ____D C:\Program Files (x86)\SharePod_3.99
2012-06-13 08:42 - 2012-06-13 08:42 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D62E766A-74CF-46EF-AF12-D31F871994AA}
2012-06-13 06:37 - 2012-06-13 06:37 - 00000000 ____D C:\Users\Spencer\AppData\Local\{4EDB1A38-BA78-4BFB-AA2A-2695A2C06D62}
2012-06-12 22:31 - 2009-07-13 20:45 - 04999328 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 22:25 - 2012-05-22 18:23 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 17:30 - 2012-06-12 17:29 - 00000000 ____D C:\Users\Spencer\AppData\Local\{CAA0EB32-59B3-4F92-BCFE-7788B74F498B}
2012-06-12 17:29 - 2012-06-12 17:29 - 00000000 ____D C:\Users\Spencer\AppData\Local\{13CFF145-2C81-4D0A-BEE4-8B0BF62CCF80}
2012-06-11 18:57 - 2012-06-11 18:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\{341C9F61-D320-4D9A-8527-DB040D734EEF}
2012-06-11 18:57 - 2012-06-11 18:56 - 00000000 ____D C:\Users\Spencer\AppData\Local\{0135131E-A642-452B-95D4-3A8DB7D479D3}
2012-06-11 18:55 - 2012-05-25 15:28 - 00002418 ____A C:\Users\Spencer\Desktop\Google Chrome.lnk
2012-06-10 20:43 - 2012-06-10 20:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D52A0C3F-EFA5-4AD4-910F-7D96C660E659}
2012-06-10 20:43 - 2012-06-10 20:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{65D80D19-184F-46AF-BD03-E97DDCF9A4D1}
2012-06-10 20:36 - 2012-06-06 17:59 - 00000000 ____D C:\Users\Spencer\AppData\Local\SKIDROW
2012-06-10 20:35 - 2012-06-10 09:09 - 00000000 ____D C:\Program Files (x86)\Portal
2012-06-10 09:10 - 2012-06-10 09:10 - 00000000 ____D C:\Program Files (x86)\Valve
2012-06-09 22:09 - 2012-06-09 22:09 - 00000000 ____D C:\Users\Spencer\AppData\Local\{DC4BC813-5829-4ECD-8469-6D4DBA5973AC}
2012-06-09 22:09 - 2012-06-09 22:09 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D6AD59BA-B78E-43C9-A9DE-1A7B8CE736D3}
2012-06-09 14:28 - 2012-06-09 14:28 - 00000000 ____D C:\Users\Spencer\AppData\Local\{FA8091ED-8701-4F06-85C5-67B2F1F860D1}
2012-06-08 18:19 - 2012-06-08 18:19 - 00000000 ____D C:\Users\Spencer\AppData\Local\{EF146CAE-8A0F-4832-90AE-EA27C06E25DB}
2012-06-08 18:19 - 2012-06-08 18:19 - 00000000 ____D C:\Users\Spencer\AppData\Local\{3BE3E7E5-2900-4C88-9AE2-C5932CBE9E52}
2012-06-08 18:04 - 2012-05-22 18:14 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-08 18:04 - 2010-04-22 00:17 - 00000000 ____D C:\Users\Spencer\AppData\Local\Hewlett-Packard
2012-06-08 15:57 - 2012-05-22 21:18 - 00001196 ____A C:\Users\Spencer\Desktop\Videos.lnk
2012-06-08 15:51 - 2012-06-08 15:51 - 00000000 ____D C:\Users\Spencer\AppData\Local\{322FE8E1-B3A8-4DDC-BF34-262EA7E63EE4}
2012-06-08 14:09 - 2012-05-26 22:41 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-06-07 15:26 - 2012-06-07 15:26 - 00000000 ____D C:\Windows\Sun
2012-06-07 15:03 - 2012-06-07 15:03 - 00000000 ____D C:\Users\Spencer\AppData\Local\{9DEE8E62-6A5F-4240-9F5C-A098D885791E}
2012-06-07 15:02 - 2012-06-07 15:02 - 00000000 ____D C:\Users\Spencer\AppData\Local\{6E62EEFE-C1C8-4327-BB0F-2BD74FABFEAE}
2012-06-06 15:26 - 2012-06-06 15:26 - 00000512 ____A C:\Users\Spencer\Documents\cc_20120606_162616.reg
2012-06-06 15:25 - 2012-06-06 15:25 - 00136628 ____A C:\Users\Spencer\Documents\cc_20120606_162551.reg
2012-06-06 15:25 - 2012-06-06 15:24 - 01835836 ____A C:\Users\Spencer\Documents\cc_20120606_162435.reg
2012-06-06 14:50 - 2012-06-06 14:49 - 00000000 ____D C:\Users\Spencer\AppData\Local\{03C5D34B-CC13-46FC-BC9F-F5C1AA41AB53}
2012-06-06 14:49 - 2012-06-06 14:49 - 00000000 ____D C:\Users\Spencer\AppData\Local\{2F68204B-0D58-43F1-A156-AA3822813BCC}
2012-06-06 14:49 - 2012-06-06 14:49 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-06-05 14:06 - 2012-06-05 14:05 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D224E1AD-2065-46E9-BD4E-2CF095705F77}
2012-06-05 14:05 - 2012-06-05 14:05 - 00000000 ____D C:\Users\Spencer\AppData\Local\{3663162E-69FC-4C96-9688-D8ACF6AF1ED7}
2012-06-04 06:38 - 2012-06-04 06:38 - 00000000 ____D C:\Users\Spencer\AppData\Local\{24E7C519-7B02-4AD8-BDEE-10C472421EDE}
2012-06-03 19:16 - 2012-06-03 19:16 - 00000000 ____D C:\Users\Spencer\Documents\My Spore Creations
2012-06-03 13:42 - 2012-06-03 13:42 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-03 13:42 - 2012-06-03 13:42 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-03 13:42 - 2012-06-03 13:42 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-03 13:42 - 2012-06-03 13:42 - 00000000 ____D C:\Program Files\Java
2012-06-03 13:42 - 2012-06-03 11:36 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-03 13:42 - 2012-06-03 11:36 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-03 11:27 - 2012-05-26 23:53 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-06-03 11:27 - 2011-08-02 11:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-03 11:26 - 2012-06-03 11:26 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-03 11:25 - 2012-06-03 11:25 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-03 11:25 - 2012-06-03 11:25 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-03 11:25 - 2012-06-03 11:25 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-03 10:40 - 2012-06-03 10:40 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\CyberLink
2012-06-03 10:40 - 2012-06-03 10:40 - 00000000 ____D C:\Users\Spencer\AppData\Local\CyberLink
2012-06-03 10:40 - 2012-06-03 10:40 - 00000000 ____D C:\Users\Public\CyberLink
2012-06-03 10:26 - 2012-06-03 10:26 - 00000000 ____D C:\Users\Spencer\AppData\Local\{EF227401-B70E-4E97-8331-0CC911DAAE75}
2012-06-03 10:26 - 2012-06-03 10:25 - 00000000 ____D C:\Users\Spencer\AppData\Local\{FBE87082-AB55-41AC-80A0-80D9CD57B797}
2012-06-03 10:23 - 2012-06-03 10:23 - 00000000 ____D C:\Users\Spencer\AppData\Local\{4694EF5A-B4C1-4795-9202-B363C6DD495D}
2012-06-03 10:22 - 2012-06-03 10:22 - 00000000 ____D C:\Users\Spencer\AppData\Local\{9CA8109A-47EE-48AA-A0D6-1786D29C4E84}
2012-06-03 00:40 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup
2012-06-03 00:40 - 2010-04-21 23:57 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\hpqLog
2012-06-03 00:39 - 2011-10-27 00:55 - 00000000 ____D C:\Windows\SysWOW64\sda
2012-06-03 00:39 - 2011-10-27 00:55 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-06-03 00:38 - 2012-06-03 00:39 - 09888360 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2012-06-03 00:38 - 2011-10-27 00:55 - 00338536 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsPStor.sys
2012-06-03 00:37 - 2012-06-03 00:37 - 00000000 ____D C:\Program Files (x86)\Cisco
2012-06-03 00:37 - 2011-10-27 00:58 - 00000000 ____D C:\Program Files\Intel
2012-06-03 00:37 - 2011-10-27 00:55 - 00000000 ____D C:\Program Files\Common Files\Intel
2012-06-03 00:35 - 2012-06-03 00:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2012-06-03 00:35 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2012-06-03 00:34 - 2012-06-03 00:34 - 08604672 ____A (Intel Corporation) C:\Windows\System32\Drivers\NETwNs64.sys
2012-06-03 00:33 - 2012-06-03 00:33 - 00208896 ____A (Renesas Electronics Corporation) C:\Windows\System32\Drivers\nusb3xhc.sys
2012-06-03 00:33 - 2012-06-03 00:33 - 00091648 ____A (Renesas Electronics Corporation) C:\Windows\System32\Drivers\nusb3hub.sys
2012-06-03 00:33 - 2012-06-03 00:33 - 00081920 ____A (Renesas Electronics Corporation) C:\Windows\System32\nusb3co2.dll
2012-06-03 00:26 - 2012-06-03 00:26 - 00000000 ____D C:\Windows\en
2012-06-03 00:24 - 2011-08-02 10:58 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-06-03 00:24 - 2011-08-02 10:57 - 00000000 ____D C:\Program Files\Windows Live
2012-06-03 00:24 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-02 20:43 - 2012-06-02 20:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{ED86A45E-89B8-4B8E-B722-4E7722EC3BA5}
2012-06-02 20:43 - 2012-06-02 20:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{C2784EF6-4BC1-49BD-AFD6-5FA085F4B0EF}
2012-06-02 20:41 - 2012-06-02 20:41 - 00000000 ____D C:\Users\Spencer\AppData\Local\{30CFF8C6-DDB6-4C3F-BCA6-4840A70E8710}
2012-06-02 14:19 - 2012-06-21 23:27 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 23:27 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 23:27 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 23:27 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 23:27 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 23:27 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 23:27 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 23:27 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 23:27 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 21:24 - 2012-05-31 21:24 - 00000000 ____D C:\Users\Spencer\Documents\Rockstar Games
2012-05-31 21:15 - 2012-05-31 21:15 - 00000000 ____D C:\Users\Spencer\AppData\Local\{660BA909-5783-46AB-9D0F-83FC87120F30}
2012-05-31 21:15 - 2012-05-31 21:15 - 00000000 ____D C:\Users\Spencer\AppData\Local\{287CB07D-B3EF-4B69-8AC3-B1598CCDEF94}
2012-05-31 17:30 - 2012-05-31 17:29 - 00000000 ____D C:\Users\Spencer\AppData\Local\{3B92E555-D1EE-415E-A16F-15A50FAC006E}
2012-05-31 17:29 - 2012-05-31 17:29 - 00000000 ____D C:\Users\Spencer\AppData\Local\{F5244E88-EC9F-42E8-A232-7390A171A1DD}
2012-05-31 14:13 - 2012-05-31 14:13 - 00000000 ____D C:\Users\Spencer\AppData\Local\{778CAE1B-800F-4146-B64E-D5EEDF7DC5C5}
2012-05-31 14:13 - 2012-05-31 14:12 - 00000000 ____D C:\Users\Spencer\AppData\Local\{6430E8B4-C54F-452C-9B95-23F6F3D1B681}
2012-05-31 12:29 - 2012-05-31 12:28 - 00000000 ____D C:\Users\Spencer\AppData\Local\{5A8A89A9-E58B-42A2-89C3-0471F94E7BBA}
2012-05-31 12:28 - 2012-05-31 12:28 - 00000000 ____D C:\Users\Spencer\AppData\Local\{F66A16E5-E28D-4FFA-9BC1-0F0883D1EFFE}
2012-05-30 16:33 - 2012-05-30 16:33 - 00000000 ____D C:\Users\Spencer\AppData\Local\{BB2A9655-41BF-4C5A-A472-C4C9A391FD95}
2012-05-30 16:33 - 2012-05-30 16:32 - 00000000 ____D C:\Users\Spencer\AppData\Local\{174421FB-2AA7-4B01-8154-70ED80BD739E}
2012-05-30 06:47 - 2011-08-02 10:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-05-30 06:46 - 2012-05-30 06:46 - 00000000 ____D C:\Users\Spencer\AppData\Local\{B89D7705-9877-481B-87D9-49B6AC246E87}
2012-05-30 06:26 - 2012-05-30 06:26 - 00000000 ____D C:\Users\Spencer\AppData\Local\{76493B02-C56E-42EA-9588-AC55EFB29ACF}
2012-05-30 06:26 - 2012-05-30 06:25 - 00000000 ____D C:\Users\Spencer\AppData\Local\{6CD9BB50-B297-423B-B873-9C5BBB0541AB}
2012-05-29 16:37 - 2012-05-29 16:37 - 00000000 ____D C:\Users\Spencer\AppData\Local\{4DD89F0E-E2EC-4ED2-A3B6-1CFB72DBEDB8}
2012-05-29 16:37 - 2012-05-29 16:37 - 00000000 ____D C:\Users\Spencer\AppData\Local\{39E25811-26F6-4914-9EB8-9C4D7971519D}
2012-05-29 14:39 - 2012-05-29 14:39 - 00000000 ____D C:\Users\Spencer\AppData\Local\{58161113-EC3C-4F43-9740-3582E4670FF2}
2012-05-29 13:56 - 2012-05-29 13:56 - 00000000 ____D C:\Users\Spencer\AppData\Local\{19DAD682-9C87-4738-AD45-222D404522A3}
2012-05-28 22:02 - 2012-05-28 22:02 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-28 21:47 - 2012-05-28 21:47 - 00000000 ____D C:\Users\Spencer\AppData\Local\{9CD8B0EF-0A1C-47B0-B874-C7F5DF611502}
2012-05-28 21:47 - 2012-05-28 21:46 - 00000000 ____D C:\Users\Spencer\AppData\Local\{CA1AD9F9-E903-4F8D-A8E7-3DDCB88853B8}
2012-05-28 16:08 - 2010-04-22 05:18 - 00000000 ____D C:\Users\Spencer\AppData\Local\HP
2012-05-28 16:01 - 2012-05-28 16:01 - 00000000 ____D C:\Program Files (x86)\MSN Toolbar
2012-05-28 15:59 - 2012-05-23 14:00 - 00000000 ____D C:\Program Files (x86)\HP
2012-05-28 15:57 - 2012-05-28 15:57 - 00000000 ____D C:\Program Files\HP
2012-05-28 13:29 - 2012-05-28 13:29 - 00000000 ____D C:\Users\Spencer\AppData\Local\{868D053F-3E7E-4728-BFF8-DBC2195AD74D}
2012-05-28 13:29 - 2012-05-28 13:28 - 00000000 ____D C:\Users\Spencer\AppData\Local\{EA1FC7C4-8C9F-4C86-BD18-1156968CCF8A}
2012-05-28 13:20 - 2012-05-25 15:05 - 00000000 ____D C:\Users\Spencer\AppData\Local\Windows Live Writer
2012-05-28 13:08 - 2012-05-25 15:05 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Windows Live Writer
2012-05-28 12:59 - 2012-05-28 12:59 - 00000000 ____D C:\Users\Spencer\AppData\Local\{C87BBAAC-8F96-40E6-AF37-ABCE4848FC3F}
2012-05-28 12:59 - 2012-05-28 12:59 - 00000000 ____D C:\Users\Spencer\AppData\Local\{42EB9A99-73A4-4CC0-8CF1-14B5DC870068}
2012-05-28 12:37 - 2012-05-28 12:37 - 00000000 ____D C:\Users\Spencer\AppData\Local\{54B56A22-A59A-44BC-B637-8E94BD54327A}
2012-05-28 02:22 - 2012-05-28 02:22 - 00000000 ____D C:\Users\Spencer\AppData\Local\{C3797E0F-15A0-4A7A-A8F8-51B309C7FA13}
2012-05-28 02:07 - 2012-05-26 21:06 - 00000000 ____D C:\Program Files (x86)\LucasArts
2012-05-28 01:15 - 2012-05-28 01:15 - 00000000 ____D C:\Users\Spencer\Documents\Criterion Games
2012-05-28 01:13 - 2012-05-28 01:13 - 00000000 ____D C:\Users\Spencer\AppData\Local\EA Games
2012-05-28 00:59 - 2012-05-28 00:59 - 00000000 ____D C:\Program Files (x86)\EA Games
2012-05-28 00:54 - 2012-05-28 00:51 - 00000000 ____D C:\Program Files (x86)\Penumbra Series
2012-05-28 00:48 - 2012-05-28 00:48 - 00431104 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-28 00:48 - 2012-05-28 00:48 - 00409600 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-28 00:48 - 2012-05-28 00:48 - 00136192 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-28 00:48 - 2012-05-28 00:48 - 00114688 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-28 00:48 - 2012-05-28 00:48 - 00000000 ____D C:\Users\Spencer\Documents\Penumbra Overture
2012-05-28 00:48 - 2012-05-28 00:48 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-05-28 00:44 - 2012-05-28 00:39 - 00000000 ____D C:\Users\Spencer\AppData\Local\Rockstar Games
2012-05-28 00:28 - 2012-05-28 00:28 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-05-28 00:13 - 2012-05-28 00:12 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-05-27 23:56 - 2012-05-27 23:56 - 00000000 ____D C:\Users\Spencer\AppData\Local\{1B8F202F-AADE-40F7-AB70-21FAC8223635}
2012-05-27 23:56 - 2012-05-27 23:55 - 00000000 ____D C:\Users\Spencer\AppData\Local\{122FA030-EF45-4625-BCCD-2C1B096E01C0}
2012-05-27 23:29 - 2012-05-27 23:29 - 00000000 ____D C:\Users\Spencer\AppData\Local\TeknoGods
2012-05-27 12:38 - 2012-05-27 12:38 - 00000000 ____D C:\Users\Spencer\AppData\Local\{5E4DB65A-35E6-4639-B822-96C5087FF2F8}
2012-05-27 02:40 - 2012-05-27 02:40 - 00000000 ____D C:\Users\Spencer\AppData\Local\FalloutNV
2012-05-27 02:40 - 2012-05-25 16:46 - 00000000 ____D C:\Users\Spencer\Documents\My Games
2012-05-27 02:35 - 2012-05-27 02:19 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2012-05-27 02:34 - 2012-05-27 02:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-05-27 02:28 - 2012-05-27 02:28 - 00000000 ____D C:\Users\Spencer\AppData\Local\Fallout3
2012-05-27 02:17 - 2012-05-27 02:17 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-05-27 01:29 - 2012-05-27 01:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2012-05-27 01:26 - 2010-04-22 05:11 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Adobe
2012-05-27 01:26 - 2010-04-21 23:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\Adobe
2012-05-27 01:23 - 2012-05-26 09:52 - 00000000 ____D C:\Users\Spencer\AppData\Local\My Games
2012-05-27 01:19 - 2012-05-27 01:19 - 00226304 ____A (RAD Game Tools, Inc.) C:\Windows\SysWOW64\binkw32.dll
2012-05-27 01:09 - 2012-05-27 01:09 - 00000000 ____D C:\Users\Spencer\Documents\EVE
2012-05-27 00:51 - 2012-05-27 00:51 - 00000000 ____D C:\Program Files (x86)\CCP
2012-05-27 00:45 - 2012-05-26 13:22 - 00000000 ____D C:\Program Files (x86)\Unreal Anthology
2012-05-27 00:34 - 2012-05-27 00:34 - 00000000 ____D C:\Program Files (x86)\Firaxis Games
2012-05-27 00:29 - 2012-05-27 00:29 - 00000000 ____A C:\Windows\PowerReg.dat
2012-05-27 00:28 - 2012-05-27 00:28 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive
2012-05-26 23:58 - 2012-05-26 23:58 - 00000000 ____D C:\Users\Spencer\AppData\Local\Criterion Games
2012-05-26 23:57 - 2012-05-26 23:57 - 00001662 ____A C:\Windows\SysWOW64\ealregsnapshot1.reg
2012-05-26 23:57 - 2012-05-26 23:57 - 00000000 ____D C:\Users\Spencer\AppData\Local\Downloaded Installations
2012-05-26 23:47 - 2012-05-26 23:47 - 00001892 ____A C:\Users\Spencer\Documents\IMVU.lnk
2012-05-26 23:47 - 2012-05-26 23:47 - 00000000 ____D C:\Users\Spencer\AppData\Local\CCP
2012-05-26 22:38 - 2012-05-26 21:50 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Petroglyph
2012-05-26 22:03 - 2012-05-26 22:03 - 00043520 ____A C:\Windows\SysWOW64\CmdLineExt03.dll
2012-05-26 21:37 - 2012-05-26 13:20 - 00000000 ____D C:\Users\Spencer\Documents\SimCity 4
2012-05-26 20:55 - 2012-05-26 20:55 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Stardock
2012-05-26 20:54 - 2012-05-26 20:54 - 00000000 ____D C:\Program Files (x86)\Stardock
2012-05-26 20:53 - 2012-05-26 20:53 - 00000000 ____D C:\Program Files (x86)\Stardock Games
2012-05-26 20:52 - 2012-05-26 20:52 - 00000000 ____D C:\Users\Spencer\AppData\Local\Stardock
2012-05-26 13:04 - 2012-05-26 13:04 - 00000530 ____A C:\Windows\eReg.dat
2012-05-26 13:04 - 2012-05-26 13:04 - 00000000 ____D C:\Program Files (x86)\Maxis
2012-05-26 12:40 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-05-26 12:16 - 2010-04-21 23:57 - 00122000 ____A C:\Users\Spencer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-26 12:09 - 2012-05-26 12:09 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-05-26 12:07 - 2012-05-25 15:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-05-26 12:05 - 2012-05-26 12:05 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-05-26 09:57 - 2012-05-26 09:57 - 00000000 ____D C:\Program Files (x86)\2K Games
2012-05-26 09:33 - 2012-05-26 09:33 - 00000000 __RHD C:\Users\Spencer\AppData\Roaming\SecuROM
2012-05-26 09:14 - 2012-05-26 09:14 - 00000000 ____D C:\Users\Spencer\AppData\Local\{43ADA8CD-1B9B-4CC3-9541-1AFC7A1E8D78}
2012-05-26 09:07 - 2012-05-26 09:07 - 00000000 ____D C:\Users\Spencer\AppData\Local\{377771E3-A9A8-442D-9740-6D0B3282DC73}
2012-05-26 09:06 - 2012-05-26 09:06 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2012-05-26 09:06 - 2012-05-25 18:19 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2012-05-26 08:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2012-05-26 00:42 - 2012-05-26 00:42 - 00000000 ____D C:\Users\Spencer\AppData\Local\{D3B09693-E406-494A-A0B2-CB07BB3B0680}
2012-05-26 00:42 - 2012-05-26 00:41 - 00000000 ____D C:\Users\Spencer\AppData\Local\{273D4B65-58A6-469C-8921-45A499ADA6C1}
2012-05-25 21:41 - 2012-05-25 21:41 - 00000000 ____D C:\Users\Spencer\AppData\Local\{BE698C75-C13C-4363-A373-8BA4D523FAC8}
2012-05-25 20:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-05-25 20:23 - 2012-05-25 20:23 - 00000000 ____D C:\Users\Spencer\AppData\Local\{139FFEA2-7E2D-4D04-A1CE-83E99DA2B70A}
2012-05-25 19:55 - 2012-05-25 16:26 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Tropico 4
2012-05-25 18:24 - 2012-05-25 18:24 - 00000000 ____A C:\Windows\eDrawingOfficeAutomator.INI
2012-05-25 18:24 - 2012-05-25 18:18 - 00000000 ___HD C:\SolidWorks Data
2012-05-25 18:23 - 2012-05-25 18:23 - 00000023 ___AH C:\Windows\yacht.xws
2012-05-25 18:23 - 2012-05-25 18:23 - 00000000 ____D C:\Users\Spencer\Documents\SolidWorks Visual Studio Tools for Applications
2012-05-25 18:19 - 2012-05-25 18:19 - 00000000 ____D C:\Users\Spencer\Documents\Visual Studio 2005
2012-05-25 18:19 - 2012-05-25 15:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-05-25 18:18 - 2012-05-25 18:18 - 00000000 ____D C:\Program Files (x86)\MSECache
2012-05-25 18:18 - 2012-05-25 18:16 - 00000000 ____D C:\Windows\SolidWorks
2012-05-25 18:14 - 2012-05-25 18:14 - 00001413 ____A C:\Users\Spencer\Desktop\SharePod.lnk
2012-05-25 18:12 - 2012-05-25 15:13 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Apple Computer
2012-05-25 17:53 - 2012-05-22 21:18 - 00001189 ____A C:\Users\Spencer\Desktop\Music.lnk
2012-05-25 17:43 - 2012-05-25 17:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{1C3C83A9-860B-47BF-A2A2-380595359678}
2012-05-25 17:43 - 2012-05-25 17:43 - 00000000 ____D C:\Users\Spencer\AppData\Local\{052BE4D8-71BB-4B73-8654-A6B194EE1DF2}
2012-05-25 17:30 - 2012-05-25 17:29 - 00001552 ____A C:\Users\Spencer\Desktop\Spencer.lnk
2012-05-25 17:30 - 2012-05-25 16:54 - 00002000 ____A C:\Users\Spencer\Desktop\Games.lnk
2012-05-25 17:30 - 2012-05-22 21:18 - 00002006 ____A C:\Users\Spencer\Desktop\School.lnk
2012-05-25 17:13 - 2012-05-25 17:10 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6
2012-05-25 17:06 - 2012-05-25 17:05 - 00001753 ____A C:\Users\Spencer\Desktop\Photoshop.lnk
2012-05-25 17:03 - 2012-05-25 17:03 - 00000000 ____D C:\Program Files\Adobe
2012-05-25 17:03 - 2012-05-25 17:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-05-25 17:03 - 2011-08-02 11:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-05-25 16:56 - 2012-05-25 16:56 - 00000000 ____D C:\Program Files (x86)\Photoshop CS5
2012-05-25 16:47 - 2012-05-25 16:47 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\GameTuts
2012-05-25 16:47 - 2012-05-25 16:47 - 00000000 ____D C:\Users\Spencer\AppData\Local\GameTuts
2012-05-25 16:46 - 2012-05-25 16:46 - 00000000 ____D C:\Users\Spencer\AppData\Local\Skyrim
2012-05-25 16:21 - 2012-05-25 16:21 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Kalypso Media
2012-05-25 15:43 - 2012-05-25 15:43 - 00000000 ____D C:\Program Files (x86)\Kalypso Media
2012-05-25 15:42 - 2012-05-25 15:42 - 00000905 ____A C:\Users\Spencer\Desktop\Downloads.lnk
2012-05-25 15:38 - 2012-05-25 15:38 - 00001011 ____A C:\Users\Public\Desktop\PowerISO.lnk
2012-05-25 15:38 - 2012-05-25 15:38 - 00000000 ____D C:\Program Files (x86)\PowerISO
2012-05-25 15:27 - 2012-05-25 15:20 - 00000000 ____D C:\Users\Spencer\AppData\Local\Deployment
2012-05-25 15:27 - 2012-05-25 06:31 - 00000000 ____D C:\Users\Spencer\AppData\Local\Google
2012-05-25 15:21 - 2012-05-25 15:21 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-25 15:20 - 2012-05-23 21:31 - 00000000 ____D C:\Users\Spencer\AppData\Local\Apps\2.0
2012-05-25 15:19 - 2012-05-25 15:19 - 00001304 ____A C:\Users\Spencer\Desktop\Modio.lnk
2012-05-25 15:19 - 2012-05-25 15:19 - 00000000 ___AD C:\Program Files (x86)\Modio
2012-05-25 15:13 - 2012-05-25 15:13 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-25 15:13 - 2012-05-25 15:13 - 00000000 ____D C:\Users\Spencer\AppData\Local\Apple Computer
2012-05-25 15:12 - 2012-05-25 15:11 - 00000000 ____D C:\Program Files\iTunes
2012-05-25 15:12 - 2012-05-25 15:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-05-25 15:11 - 2012-05-25 15:11 - 00000000 ____D C:\Users\Spencer\AppData\Local\Apple
2012-05-25 15:11 - 2012-05-25 15:11 - 00000000 ____D C:\Program Files\iPod
2012-05-25 15:11 - 2012-05-25 15:11 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-05-25 15:11 - 2012-05-25 15:11 - 00000000 ____D C:\Program Files\Bonjour
2012-05-25 15:11 - 2012-05-25 15:11 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-05-25 15:11 - 2012-05-25 15:11 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-25 15:06 - 2012-05-26 12:39 - 00002693 ____A C:\Users\Spencer\Desktop\Word.lnk
2012-05-25 15:06 - 2012-05-26 12:39 - 00002645 ____A C:\Users\Spencer\Desktop\PowerPoint.lnk
2012-05-25 15:06 - 2012-05-25 15:05 - 00000000 ____D C:\Users\Spencer\AppData\Local\{84732A84-AF16-46FE-BB9E-6078D3368E52}
2012-05-25 15:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2012-05-25 15:04 - 2012-05-25 15:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-05-25 15:04 - 2012-05-25 15:02 - 00000000 ____D C:\Windows\SHELLNEW
2012-05-25 15:03 - 2012-05-25 15:03 - 00000000 ____D C:\Program Files\Microsoft Office
2012-05-25 15:02 - 2012-05-25 15:02 - 00000000 __RHD C:\MSOCache
2012-05-25 15:02 - 2012-05-25 15:02 - 00000000 ____D C:\Users\Spencer\AppData\Local\Microsoft Help
2012-05-25 12:05 - 2012-05-25 12:05 - 00001070 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-25 12:04 - 2012-05-25 12:04 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2012-05-25 11:54 - 2012-05-25 11:54 - 00000000 ____D C:\Program Files\7-Zip
2012-05-25 11:47 - 2012-05-25 11:47 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\WinRAR
2012-05-25 11:47 - 2012-05-25 11:47 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-05-25 06:31 - 2012-05-25 06:31 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Mozilla
2012-05-25 06:31 - 2012-05-25 06:31 - 00000000 ____D C:\Users\Spencer\AppData\Local\CRE
2012-05-25 06:31 - 2012-05-25 06:31 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-05-25 06:30 - 2012-05-25 06:30 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-25 06:30 - 2012-05-25 06:30 - 00000000 ____D C:\Users\Spencer\AppData\Local\Conduit
2012-05-25 06:30 - 2012-05-25 06:30 - 00000000 ____D C:\Program Files (x86)\uTorrentControl2
2012-05-25 06:30 - 2012-05-25 06:30 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-25 06:27 - 2012-05-25 06:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-05-24 20:26 - 2011-10-27 00:51 - 00000000 ____D C:\Program Files (x86)\Intel
2012-05-23 22:00 - 2012-05-23 21:57 - 00000000 ____D C:\Program Files\IDT
2012-05-23 21:45 - 2012-05-23 21:45 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\InstallShield
2012-05-23 21:36 - 2007-01-01 17:25 - 00000000 ____D C:\Windows\Panther
2012-05-23 21:18 - 2012-05-23 21:11 - 00000000 ____D C:\Windows\pss
2012-05-23 21:12 - 2012-05-23 21:12 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Symantec
2012-05-23 14:31 - 2012-05-23 14:31 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-05-23 14:31 - 2012-05-23 14:31 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-05-23 14:31 - 2012-05-23 14:29 - 00000000 ____D C:\Program Files\ATI Technologies
2012-05-23 14:13 - 2012-05-23 14:13 - 00000000 ____D C:\Program Files (x86)\SP55068
2012-05-23 14:12 - 2011-06-13 20:09 - 00000000 ____D C:\Program Files\Hewlett-Packard
2012-05-22 22:23 - 2012-05-22 22:23 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Hewlett-Packard
2012-05-22 21:11 - 2012-05-22 21:11 - 00000000 ____D C:\Users\Spencer\AppData\Local\{DA08D12A-B962-42FE-9BCD-84453752D36A}
2012-05-22 21:11 - 2012-05-22 21:11 - 00000000 ____D C:\Users\Spencer\AppData\Local\{6A0625BC-82C3-4304-99BD-4E94F6827906}
2012-05-22 21:11 - 2012-05-22 21:10 - 00000000 ____D C:\Users\Spencer\AppData\Local\{E0D2AEDD-C136-4099-9B8C-5847C8FFDBBD}
2012-05-22 21:10 - 2012-05-22 21:10 - 00000000 ____D C:\Users\Spencer\AppData\Local\{8584EFE7-AF58-43A8-B2FA-8630F233A202}
2012-05-22 21:10 - 2012-05-22 21:10 - 00000000 ____D C:\Users\Spencer\AppData\Local\{33FD739F-9122-445F-B137-AACA5FFAD45B}
2012-05-22 18:26 - 2011-08-02 10:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-22 18:25 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-05-22 18:18 - 2012-05-22 18:18 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-05-21 19:45 - 2012-05-25 11:51 - 00051169 ____A C:\Users\Spencer\Desktop\Movie List.PNG
2012-05-17 18:47 - 2012-06-12 22:20 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-12 22:20 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-12 22:20 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-12 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-12 22:20 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-12 22:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-12 22:20 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-12 22:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-12 22:20 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-12 22:20 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-12 22:20 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-12 22:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-12 22:20 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-12 22:20 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-12 22:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-12 22:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-12 22:20 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-12 22:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-12 22:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-12 22:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-12 22:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-12 22:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-12 22:20 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-12 22:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-12 22:20 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-12 22:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-12 22:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-12 22:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-12 17:36 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-04 03:06 - 2012-06-12 17:36 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 17:36 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 17:36 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-12 17:36 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-12 17:36 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-12 17:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 17:36 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 17:36 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 10:35 - 2012-04-25 10:35 - 00546640 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZComp5.dll
2012-04-25 10:35 - 2012-04-25 10:35 - 00481104 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZBase5.dll
2012-04-25 10:35 - 2012-04-25 10:35 - 00023376 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZIO5.dll
2012-04-23 21:37 - 2012-06-12 17:36 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 17:36 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 17:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 17:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 17:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 17:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 16:39 - 2012-04-19 16:39 - 00808784 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Base5.dll
2012-04-19 16:39 - 2012-04-19 16:39 - 00456528 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3DBA5.dll
2012-04-19 16:39 - 2012-04-19 16:39 - 00390992 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3UI5.dll
2012-04-19 16:39 - 2012-04-19 16:39 - 00231248 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Win325.dll
2012-04-19 16:39 - 2012-04-19 16:39 - 00132944 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3HTUI5.dll
2012-04-19 16:39 - 2012-04-19 16:39 - 00104272 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Inet5.dll
2012-04-19 16:39 - 2012-04-19 16:39 - 00100176 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Svc5.dll
2012-04-19 16:39 - 2012-04-19 16:39 - 00067408 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Hks5.dll
2012-04-19 16:39 - 2012-04-19 16:39 - 00029008 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3XDat5.dll
2012-04-07 04:31 - 2012-06-12 17:36 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-12 17:36 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-05 21:34 - 2012-04-05 21:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 21:34 - 2012-04-05 21:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 21:34 - 2012-04-05 21:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 21:33 - 2012-04-05 21:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-04-05 21:33 - 2012-04-05 21:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 21:33 - 2012-04-05 21:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 21:32 - 2012-04-05 21:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-04-04 17:47 - 2012-06-03 11:26 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-04-04 17:47 - 2012-06-03 11:25 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-04-04 17:47 - 2012-06-03 11:25 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-04 14:56 - 2012-06-29 07:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
ZeroAccess:
C:\Windows\Installer\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}
C:\Windows\Installer\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}\@
C:\Windows\Installer\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}\L
C:\Windows\Installer\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}\U
C:\Windows\Installer\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}\U\00000001.@
C:\Windows\Installer\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}\U\30a984d2bdceec2e9e0b6a9c91531625.szcpf
C:\Windows\Installer\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}\U\80000000.@
C:\Windows\Installer\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}\U\800000cb.@
ZeroAccess:
C:\Users\Spencer\AppData\Local\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}
C:\Users\Spencer\AppData\Local\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}\@
C:\Users\Spencer\AppData\Local\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}\L
C:\Users\Spencer\AppData\Local\{24c7305a-2b5e-70e5-075f-e56dd4d01d81}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-06-16 00:54] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 11%
Total physical RAM: 8139.86 MB
Available physical RAM: 7204.51 MB
Total Pagefile: 8138.01 MB
Available Pagefile: 7191.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:911.13 GB) (Free:656.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:20.08 GB) (Free:2.18 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive h: () (Removable) (Total:3.74 GB) (Free:3.6 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3835 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 911 GB 200 MB
Partition 3 Primary 20 GB 911 GB
Partition 4 Primary 102 MB 931 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 911 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 20 GB Healthy
======================================================================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 102 MB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3835 MB 0 B
======================================================================================================
Disk: 1
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
======================================================================================================
==========================================================
Last Boot: 2012-06-28 01:46
======================= End Of Log ==========================

 

[Broni]

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

 

[Fantafe]

Farbar Recovery Scan Tool Version: 28-06-2012 02
Ran by SYSTEM at 2012-06-29 13:33:27
Running from H:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-06-29 09:41] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

See if you can boot normally.

If so....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Fantafe]

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 28-06-2012 02
Ran by SYSTEM at 2012-06-29 20:25:58 Run:1
Running from H:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\System32\services.exe.E9B19F40BF3FF8EF moved successfully.
C:\Windows\System32\services.exe.0CBC831A7E7F28E6 moved successfully.
C:\Windows\System32\Drivers\inafbuwk.sys moved successfully.
C:\Windows\System32\services.exe.F7A74D6661D10C75 moved successfully.
C:\Windows\System32\services.exe.3FC6A5A549ED327F moved successfully.
C:\Windows\System32\services.exe.4477EA1352089DB6 moved successfully.
C:\Windows\System32\services.exe.663F6946A30AF264 moved successfully.
C:\Windows\System32\services.exe.E410308AE1589539 moved successfully.
C:\Windows\Installer\{24c7305a-2b5e-70e5-075f-e56dd4d01d81} moved successfully.
C:\Users\Spencer\AppData\Local\{24c7305a-2b5e-70e5-075f-e56dd4d01d81} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====

 

[Fantafe]

ComboFix 12-06-28.03 - Spencer 06/29/2012 21:06:26.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.6118 [GMT -7:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_01ed39ca-99f0-4823-af44-3d7c1a75f493\HP.ActiveCheckLocalMode.Ccl.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_01ed39ca-99f0-4823-af44-3d7c1a75f493\HP.ActiveCheckLocalMode.SharedObjects.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_01ed39ca-99f0-4823-af44-3d7c1a75f493\HP.ActiveCheckLocalMode.UpdateEngine.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 04:13 . 2012-06-30 04:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 21:00 . 2012-06-29 21:02 -------- d-----w- C:\FRST
2012-06-29 15:24 . 2012-06-29 15:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-29 15:24 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 10:07 . 2012-06-29 10:07 -------- d-----w- c:\program files (x86)\ESET
2012-06-29 09:19 . 2012-06-29 09:19 -------- d-----w- C:\found.000
2012-06-29 08:46 . 2012-01-12 16:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-29 08:46 . 2012-06-29 15:52 -------- d-----w- c:\program files (x86)\Common Files\iS3
2012-06-29 08:46 . 2012-06-29 15:52 -------- d-----w- c:\programdata\STOPzilla!
2012-06-29 08:40 . 2012-06-29 08:40 -------- d-----w- c:\users\Spencer\AppData\Roaming\SpeedyPC Software
2012-06-29 08:40 . 2012-06-29 08:40 -------- d-----w- c:\users\Spencer\AppData\Roaming\DriverCure
2012-06-29 08:40 . 2012-06-29 08:40 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-29 08:40 . 2012-06-29 08:40 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-06-29 08:31 . 2011-12-01 23:07 1096688 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-06-29 08:31 . 2012-02-24 17:31 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-06-29 08:31 . 2012-02-24 17:31 339608 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-06-29 08:31 . 2011-12-01 23:07 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-06-29 08:31 . 2011-11-14 22:12 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-06-29 08:31 . 2012-02-24 17:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-29 08:31 . 2012-02-24 17:35 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-06-29 08:31 . 2012-02-24 17:37 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-06-29 08:31 . 2012-06-29 08:33 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-06-29 08:31 . 2012-06-29 08:31 -------- d-----w- c:\programdata\PC Tools
2012-06-29 08:29 . 2012-06-29 08:31 -------- d-----w- c:\users\Spencer\AppData\Roaming\GetRightToGo
2012-06-29 08:09 . 2012-06-29 08:09 50392 ----a-w- c:\windows\system32\drivers\uvudvcet.sys
2012-06-28 19:36 . 2012-06-28 19:42 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-28 18:05 . 2012-06-29 09:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-28 18:02 . 2012-06-28 18:02 -------- d-----w- c:\users\Spencer\AppData\Roaming\Malwarebytes
2012-06-28 18:02 . 2012-06-29 09:24 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 05:04 . 2012-06-29 09:26 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-26 00:43 . 2012-06-29 09:26 -------- d-----w- c:\program files (x86)\Just Cause 2
2012-06-25 21:28 . 2012-06-25 21:28 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-06-22 07:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 07:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 07:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 07:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 07:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 07:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 07:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 07:27 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 07:27 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 10:37 . 2012-06-16 10:37 -------- d-----w- c:\users\Spencer\AppData\Roaming\IDT
2012-06-16 08:57 . 2011-08-23 05:21 265072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-06-16 08:57 . 2011-08-23 05:21 983920 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-06-16 08:55 . 2011-06-10 05:32 246784 ----a-w- c:\windows\system32\input.dll
2012-06-16 08:55 . 2011-06-10 04:30 202240 ----a-w- c:\windows\SysWow64\input.dll
2012-06-16 08:54 . 2011-02-25 06:25 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-06-14 20:39 . 2012-06-14 20:40 -------- d-----w- c:\users\Spencer\AppData\Local\Microsoft Games
2012-06-14 16:32 . 2012-06-14 16:32 -------- d-----w- c:\windows\system32\Macromed
2012-06-13 01:36 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-10 17:10 . 2012-06-10 17:10 -------- d-----w- c:\program files (x86)\Valve
2012-06-10 17:09 . 2012-06-11 04:35 -------- d-----w- c:\program files (x86)\Portal
2012-06-07 23:26 . 2012-06-07 23:26 -------- d-----w- c:\windows\Sun
2012-06-07 01:59 . 2012-06-11 04:36 -------- d-----w- c:\users\Spencer\AppData\Local\SKIDROW
2012-06-06 22:49 . 2012-06-06 22:49 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-04 18:36 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-06-03 21:42 . 2012-06-03 21:42 -------- d-----w- c:\program files\Java
2012-06-03 19:36 . 2012-06-03 21:42 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-03 19:36 . 2012-06-03 21:42 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-03 19:35 . 2012-06-22 06:37 -------- d-----w- c:\users\Spencer\AppData\Roaming\SPORE
2012-06-03 19:26 . 2012-06-03 19:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-03 19:26 . 2012-06-03 19:26 -------- d-----w- c:\program files (x86)\Oracle
2012-06-03 19:26 . 2012-04-05 01:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-03 19:25 . 2012-04-05 01:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-03 19:25 . 2012-06-03 19:25 -------- d-----w- c:\program files (x86)\Java
2012-06-03 18:40 . 2012-06-13 07:03 -------- d-----w- c:\programdata\CyberLink
2012-06-03 18:40 . 2012-06-03 18:40 -------- d-----w- c:\users\Public\CyberLink
2012-06-03 18:40 . 2012-06-03 18:40 -------- d-----w- c:\users\Spencer\AppData\Roaming\CyberLink
2012-06-03 18:40 . 2012-06-03 18:40 -------- d-----w- c:\users\Spencer\AppData\Local\CyberLink
2012-06-03 08:39 . 2012-06-03 08:38 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-06-03 08:37 . 2012-06-03 08:37 -------- d-----w- c:\program files (x86)\Cisco
2012-06-03 08:34 . 2012-06-03 08:34 8604672 ----a-w- c:\windows\system32\drivers\NETwNs64.sys
2012-06-03 08:33 . 2012-06-03 08:33 91648 ----a-w- c:\windows\system32\drivers\nusb3hub.sys
2012-06-03 08:33 . 2012-06-03 08:33 81920 ----a-w- c:\windows\system32\nusb3co2.dll
2012-06-03 08:33 . 2012-06-03 08:33 208896 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys
2012-06-03 08:26 . 2012-06-03 08:26 -------- d-----w- c:\windows\en
2012-06-03 08:24 . 2012-06-03 08:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-03 08:22 . 2012-06-03 08:22 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\781a0e1cd416201\DSETUP.dll
2012-06-03 08:22 . 2012-06-03 08:22 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\781a0e1cd416201\DXSETUP.exe
2012-06-03 08:22 . 2012-06-03 08:22 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\781a0e1cd416201\dsetup32.dll
2012-06-03 08:22 . 2012-06-03 08:22 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a9d9281cd416202\MeshBetaRemover.exe
2012-05-31 20:27 . 2012-06-14 16:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 16:32 . 2011-08-02 18:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-03 08:38 . 2011-10-27 08:55 338536 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-05-28 08:48 . 2012-05-28 08:48 431104 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-28 08:48 . 2012-05-28 08:48 409600 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-28 08:48 . 2012-05-28 08:48 136192 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-28 08:48 . 2012-05-28 08:48 114688 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-28 08:28 . 2012-05-28 08:28 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-27 09:19 . 2012-05-27 09:19 226304 ----a-w- c:\windows\SysWow64\binkw32.dll
2012-05-27 07:57 . 2012-05-27 07:57 1662 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2012-05-27 06:03 . 2012-05-27 06:03 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-05-26 18:44 . 2012-05-26 18:44 376320 ----a-r- c:\users\Spencer\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
2012-05-15 08:41 . 2012-05-23 02:15 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{289807EC-0B07-4835-8545-8A1E9387A7D8}\mpengine.dll
2012-04-25 18:35 . 2012-04-25 18:35 23376 ----a-r- c:\windows\SysWow64\SZIO5.dll
2012-04-25 18:35 . 2012-04-25 18:35 546640 ----a-r- c:\windows\SysWow64\SZComp5.dll
2012-04-25 18:35 . 2012-04-25 18:35 481104 ----a-r- c:\windows\SysWow64\SZBase5.dll
2012-04-20 00:39 . 2012-04-20 00:39 29008 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
2012-04-20 00:39 . 2012-04-20 00:39 231248 ----a-r- c:\windows\SysWow64\IS3Win325.dll
2012-04-20 00:39 . 2012-04-20 00:39 390992 ----a-r- c:\windows\SysWow64\IS3UI5.dll
2012-04-20 00:39 . 2012-04-20 00:39 100176 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
2012-04-20 00:39 . 2012-04-20 00:39 104272 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
2012-04-20 00:39 . 2012-04-20 00:39 67408 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
2012-04-20 00:39 . 2012-04-20 00:39 132944 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
2012-04-20 00:39 . 2012-04-20 00:39 456528 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
2012-04-20 00:39 . 2012-04-20 00:39 808784 ----a-r- c:\windows\SysWow64\IS3Base5.dll
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-05-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-06-03 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 iscFlash;iscFlash;c:\program files (x86)\SP55068\iscflashx64.sys [2011-01-20 49216]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-23 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2011-11-14 367912]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2011-12-01 453896]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-02-24 230952]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-05-06 263496]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-06-03 2413056]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2012-06-03 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-06-03 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-06-03 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-06-03 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 16:32]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2633730853-1098832519-2509257754-1000Core.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 23:27]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2633730853-1098832519-2509257754-1000UA.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 23:27]
.
2012-06-24 c:\windows\Tasks\HPCeeScheduleForSpencer.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-06-29 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-06-29 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-02 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-26 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-26 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-26 418840]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-01305016.sys
SafeBoot-sdAuxService
SafeBoot-sdCoreService
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2633730853-1098832519-2509257754-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:a7,96,f3,18,bc,88,18,36,f0,dd,6e,0e,f5,0e,68,95,15,a7,7b,d8,a0,
d8,fd,7d,33,5d,bd,91,5d,2d,78,ee,57,a5,d4,30,02,1d,9f,17,40,f7,c2,54,d6,94,\
"rkeysecu"=hex:e6,41,fc,55,d9,14,c0,91,d3,59,95,67,8e,b5,1a,51
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-29 21:15:00
ComboFix-quarantined-files.txt 2012-06-30 04:15
.
Pre-Run: 704,673,292,288 bytes free
Post-Run: 704,151,523,328 bytes free
.
- - End Of File - - DE5D540E32D74843EB83A1F1132C74D5

 

[Broni]

Looks good.

How is computer doing?

==============================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==================================================

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Fantafe]

It's working a lot better, no more critical error shutdown, it's running faster and windows firewall came back on.
I'll have those logs posted in a minute.

 

[Fantafe]

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.30.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Spencer :: WIN-VFVV4BKR1AB [administrator]
Protection: Disabled
6/29/2012 9:44:27 PM
mbam-log-2012-06-29 (21-44-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220492
Time elapsed: 2 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

 

[Fantafe]

OTL logfile created on: 6/29/2012 9:49:19 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Spencer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.80 Gb Available Physical Memory | 72.93% Memory free
15.90 Gb Paging File | 13.67 Gb Available in Paging File | 86.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.13 Gb Total Space | 655.87 Gb Free Space | 71.98% Space Free | Partition Type: NTFS
Drive D: | 20.08 Gb Total Space | 2.18 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive G: | 3.74 Gb Total Space | 3.59 Gb Free Space | 96.05% Space Free | Partition Type: FAT32

Computer Name: WIN-VFVV4BKR1AB | User Name: Spencer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 21:47:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe
PRC - [2012/06/03 01:33:02 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/10/17 15:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/06/15 17:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/14 23:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2011/05/25 00:04:22 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011/05/05 23:06:46 | 000,263,496 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/12/22 13:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 13:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 00:51:33 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0767c3bc7cd93daf38517843d29ce808\IAStorUtil.ni.dll
MOD - [2012/06/12 23:33:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/12 23:33:32 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/28 03:53:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/28 03:53:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/28 03:53:29 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9eed0fcdc582550a65536d1150b49574\IAStorCommon.ni.dll
MOD - [2012/05/28 03:52:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/28 03:52:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/28 03:52:51 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/28 03:52:48 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/08 22:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011/07/27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2011/06/02 05:11:26 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/06/14 09:32:29 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/03 01:38:40 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/05/25 19:23:27 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2012/05/25 19:23:25 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/05 23:06:46 | 000,263,496 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2010/12/22 13:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/22 13:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/03 01:38:40 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/06/03 01:34:06 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2012/06/03 01:33:02 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/06/03 01:33:02 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/08 23:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/08 20:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 10:36:50 | 000,230,952 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/01 16:07:08 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011/11/14 15:12:28 | 000,367,912 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/10/17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/02 11:35:06 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/02 11:35:06 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/15 01:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/06/02 05:11:26 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/25 22:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/02/16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 17:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/01/19 17:16:14 | 000,049,216 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SP55068\iscflashx64.sys -- (iscFlash)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 81 ED 7B 1D E2 CA 01 [binary data]
IE - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Spencer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Spencer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/05/28 17:01:31 | 000,000,000 | ---D | M]

[2012/05/25 07:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/25 07:31:09 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Spencer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Website Logon = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\
CHR - Extension: Gmail = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/29 20:49:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2633730853-1098832519-2509257754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{061E912B-7983-49F5-AE69-F67EC6A07488}: DhcpNameServer = 10.50.0.5 10.0.0.7 10.175.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42E658AF-549C-4DEA-ABD0-988967016997}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/29 21:47:38 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe
[2012/06/29 21:41:39 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{1027258C-DACE-4CCD-B7D0-B9E4F884009E}
[2012/06/29 21:41:14 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{77D81811-77E9-45C2-AF86-FA233D6B1A00}

 

[Fantafe]

[2012/06/29 21:03:03 | 004,566,027 | R--- | C] (Swearware) -- C:\Users\Spencer\Desktop\ComboFix.exe
[2012/06/29 21:01:21 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{0137DF34-679A-4974-90F2-8E7F1B67E1F1}
[2012/06/29 20:39:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/29 20:39:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/29 20:39:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/29 14:00:46 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/29 08:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/29 08:24:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/29 08:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/29 08:22:55 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{8E1FF27C-25AC-4563-8716-39AFD294D7BA}
[2012/06/29 03:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/29 03:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Cease 2011
[2012/06/29 02:57:13 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{135C3BC0-8C88-4D23-AA45-69D89B59D0BF}
[2012/06/29 02:45:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/29 02:45:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/29 02:19:35 | 000,000,000 | ---D | C] -- C:\found.000
[2012/06/29 01:46:52 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/06/29 01:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012/06/29 01:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/06/29 01:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2012/06/29 01:40:57 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Roaming\SpeedyPC Software
[2012/06/29 01:40:57 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Roaming\DriverCure
[2012/06/29 01:40:55 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/06/29 01:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/06/29 01:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/06/29 01:31:35 | 001,096,688 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/06/29 01:31:34 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/06/29 01:31:34 | 000,339,608 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/06/29 01:31:34 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/06/29 01:31:33 | 000,367,912 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/06/29 01:31:32 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/29 01:31:32 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/06/29 01:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/06/29 01:31:30 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/06/29 01:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/29 01:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/29 01:29:58 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Roaming\GetRightToGo
[2012/06/28 12:38:55 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{250D278D-FF16-428B-8815-F9011650F613}
[2012/06/28 12:36:57 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/06/28 11:32:15 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{70058F6F-A1C2-4EB4-86EB-8E02F3340482}
[2012/06/28 11:32:04 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{CA5692FC-94CB-4F5A-9DA8-C3F97D6B4380}
[2012/06/28 11:18:16 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/28 11:05:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/28 11:02:09 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Roaming\Malwarebytes
[2012/06/28 11:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/28 10:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/06/28 10:20:35 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{4A3C9494-1145-4662-9674-E092966A5A6B}
[2012/06/28 10:14:56 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{E91AB8AA-9AF2-49DD-A55D-36888AC22FC2}
[2012/06/27 22:04:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/27 12:39:24 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{CB4E5EB8-66E1-4A26-9459-DFE02248355F}
[2012/06/27 12:39:02 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{D87D9047-B88D-43E8-8312-FF8B2FE9AC4A}
[2012/06/26 20:00:57 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{95BC66A9-CE51-4489-B023-C90BB186C208}
[2012/06/26 11:10:38 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{506DACD5-7047-491E-82F9-6271533E6DB3}
[2012/06/25 17:47:36 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Documents\Square Enix
[2012/06/25 17:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Just Cause 2
[2012/06/25 14:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012/06/25 11:14:00 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{86A6C74E-C3F0-4154-A7B3-D68377BA2FB1}
[2012/06/25 11:13:39 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{AFF3C4F7-3111-455D-BD54-06807FF6D09B}
[2012/06/24 22:31:26 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{B029511B-16ED-4689-A9EB-E0993E306109}
[2012/06/24 22:31:00 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{3CA2EEEE-1312-4A1C-B71E-335ECAACD9D6}
[2012/06/24 18:47:27 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{51547516-DED5-4122-BE2F-284505CD3597}
[2012/06/23 01:22:37 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{2AE42F09-B4E6-4622-B4CF-7F33966FD455}
[2012/06/23 01:22:15 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{894CFFB3-D61B-4F5E-94FF-4DE5C3A1EB00}
[2012/06/22 11:37:09 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{563AF5DF-471A-4D7B-B92E-47ACD2F18686}
[2012/06/22 11:36:47 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{7E6E0ED5-66BE-4EA0-8E1F-7EE2EA6852BB}
[2012/06/21 21:47:53 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{1F2962E5-7C69-4631-9D66-034A9A84CAEF}
[2012/06/21 21:47:31 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{A3609FCA-BA64-4A37-8E5D-AA974B2D13B2}
[2012/06/21 12:33:15 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{E8C6044C-8C53-4B3E-A348-F250021A6C97}
[2012/06/20 21:52:47 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{30326932-140C-4E8D-9EAD-8A52B1B6D314}
[2012/06/20 21:52:25 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{E70B6F8D-6796-4B3B-B193-EE36203C8CE1}
[2012/06/20 09:52:06 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{A3CEBD28-0F22-4C88-AF72-411C725943EE}
[2012/06/20 09:52:01 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{DF395437-8A1D-4C0E-8409-0867C182F2FC}
[2012/06/20 07:58:06 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{CE671D1E-5844-4C6E-B74C-C2CE75F805E2}
[2012/06/19 19:57:20 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{AE186B93-9FC4-4309-9211-5D54DF0A2D1C}
[2012/06/19 19:56:58 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{62A8B2BF-2EFE-46DF-A4AD-4050EFED1C29}
[2012/06/19 07:56:37 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{3285CF79-6466-48DB-82BF-92D7B79936DB}
[2012/06/19 07:56:24 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{4DD42464-9529-413D-8D92-849DC376DAA5}
[2012/06/19 06:43:10 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{035CD97A-9B97-4453-9B09-EEDBE05C24DF}
[2012/06/18 15:15:41 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{0AFC6201-16A4-4D41-A29E-B37F379EE342}
[2012/06/17 12:26:41 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{D81814EA-4643-4C6E-B595-421AE21A4D45}
[2012/06/17 00:26:06 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{FAEF7F82-DB0C-47A4-90B2-818ACCEB7929}
[2012/06/16 17:57:51 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{5E4B5238-C278-44B3-B4B7-7D25B3A58C28}
[2012/06/16 17:14:10 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{E47795FB-F170-4D77-A587-5869CF892B3D}
[2012/06/16 03:37:20 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Roaming\IDT
[2012/06/15 11:44:03 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{A446AD4A-EAFC-4E09-9858-D2D7A24FE9C8}
[2012/06/14 13:39:55 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\Microsoft Games
[2012/06/14 09:32:43 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{4980BF72-8192-40D2-A454-C7F3C58336FD}
[2012/06/14 09:32:42 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{0632FA41-D6B1-48FD-BDF1-06B3471D367D}
[2012/06/14 09:32:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/13 12:01:27 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{EA2B879C-8611-4578-A5A7-6CD4BCC2B945}
[2012/06/13 12:01:25 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{245D85D1-3999-48A9-B978-8E0AA254B67D}
[2012/06/13 09:42:50 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{D62E766A-74CF-46EF-AF12-D31F871994AA}
[2012/06/13 07:37:29 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{4EDB1A38-BA78-4BFB-AA2A-2695A2C06D62}
[2012/06/12 18:29:56 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{CAA0EB32-59B3-4F92-BCFE-7788B74F498B}
[2012/06/12 18:29:25 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{13CFF145-2C81-4D0A-BEE4-8B0BF62CCF80}
[2012/06/11 19:57:16 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{341C9F61-D320-4D9A-8527-DB040D734EEF}
[2012/06/11 19:56:52 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{0135131E-A642-452B-95D4-3A8DB7D479D3}
[2012/06/10 21:43:47 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{D52A0C3F-EFA5-4AD4-910F-7D96C660E659}
[2012/06/10 21:43:24 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{65D80D19-184F-46AF-BD03-E97DDCF9A4D1}
[2012/06/10 10:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2012/06/10 10:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2012/06/10 10:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Portal
[2012/06/09 23:09:48 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{D6AD59BA-B78E-43C9-A9DE-1A7B8CE736D3}
[2012/06/09 23:09:25 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{DC4BC813-5829-4ECD-8469-6D4DBA5973AC}
[2012/06/09 15:28:47 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{FA8091ED-8701-4F06-85C5-67B2F1F860D1}
[2012/06/08 19:19:28 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{EF146CAE-8A0F-4832-90AE-EA27C06E25DB}
[2012/06/08 19:19:06 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{3BE3E7E5-2900-4C88-9AE2-C5932CBE9E52}
[2012/06/08 16:51:34 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{322FE8E1-B3A8-4DDC-BF34-262EA7E63EE4}
[2012/06/07 16:26:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/06/07 16:03:00 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{9DEE8E62-6A5F-4240-9F5C-A098D885791E}
[2012/06/07 16:02:48 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{6E62EEFE-C1C8-4327-BB0F-2BD74FABFEAE}
[2012/06/06 18:59:10 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\SKIDROW
[2012/06/06 15:49:52 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{03C5D34B-CC13-46FC-BC9F-F5C1AA41AB53}
[2012/06/06 15:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/06/06 15:49:29 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{2F68204B-0D58-43F1-A156-AA3822813BCC}
[2012/06/05 15:05:55 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{D224E1AD-2065-46E9-BD4E-2CF095705F77}
[2012/06/05 15:05:31 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{3663162E-69FC-4C96-9688-D8ACF6AF1ED7}
[2012/06/04 07:38:55 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{24E7C519-7B02-4AD8-BDEE-10C472421EDE}
[2012/06/03 20:16:24 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Documents\My Spore Creations
[2012/06/03 14:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/03 12:35:59 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Roaming\SPORE
[2012/06/03 12:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/03 12:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/03 12:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/03 12:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/03 11:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/06/03 11:40:07 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Documents\Youcam
[2012/06/03 11:40:07 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Roaming\CyberLink
[2012/06/03 11:40:07 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\CyberLink
[2012/06/03 11:26:09 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{EF227401-B70E-4E97-8331-0CC911DAAE75}
[2012/06/03 11:25:45 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{FBE87082-AB55-41AC-80A0-80D9CD57B797}
[2012/06/03 11:23:43 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{4694EF5A-B4C1-4795-9202-B363C6DD495D}
[2012/06/03 11:22:26 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{9CA8109A-47EE-48AA-A0D6-1786D29C4E84}
[2012/06/03 01:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012/06/03 01:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/06/03 01:33:02 | 000,208,896 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3xhc.sys
[2012/06/03 01:33:02 | 000,091,648 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3hub.sys
[2012/06/03 01:33:02 | 000,081,920 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\nusb3co2.dll
[2012/06/03 01:26:14 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/02 21:43:21 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{C2784EF6-4BC1-49BD-AFD6-5FA085F4B0EF}
[2012/06/02 21:43:04 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{ED86A45E-89B8-4B8E-B722-4E7722EC3BA5}
[2012/06/02 21:41:51 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{30CFF8C6-DDB6-4C3F-BCA6-4840A70E8710}
[2012/05/31 22:24:27 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Documents\Rockstar Games
[2012/05/31 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{660BA909-5783-46AB-9D0F-83FC87120F30}
[2012/05/31 22:15:09 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{287CB07D-B3EF-4B69-8AC3-B1598CCDEF94}
[2012/05/31 18:29:52 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{3B92E555-D1EE-415E-A16F-15A50FAC006E}
[2012/05/31 18:29:30 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{F5244E88-EC9F-42E8-A232-7390A171A1DD}
[2012/05/31 15:13:00 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{778CAE1B-800F-4146-B64E-D5EEDF7DC5C5}
[2012/05/31 15:12:38 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{6430E8B4-C54F-452C-9B95-23F6F3D1B681}
[2012/05/31 13:28:52 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{5A8A89A9-E58B-42A2-89C3-0471F94E7BBA}
[2012/05/31 13:28:26 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{F66A16E5-E28D-4FFA-9BC1-0F0883D1EFFE}

========== Files - Modified Within 30 Days ==========

[2012/06/29 21:47:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe
[2012/06/29 21:32:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2633730853-1098832519-2509257754-1000UA.job
[2012/06/29 21:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 21:07:15 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 21:07:15 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 21:05:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/29 21:05:27 | 000,681,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/29 21:05:27 | 000,128,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/29 21:04:42 | 000,811,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/29 20:59:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/29 20:59:46 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 20:49:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/29 20:25:06 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\Spencer\Desktop\ComboFix.exe
[2012/06/29 09:14:30 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/29 09:10:13 | 000,808,222 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/29 08:24:25 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/29 02:14:04 | 000,000,012 | ---- | M] () -- C:\Users\Spencer\Desktop\ff.bat
[2012/06/29 01:40:58 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/06/29 01:40:55 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/06/27 16:32:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2633730853-1098832519-2509257754-1000Core.job
[2012/06/23 18:13:40 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSpencer.job
[2012/06/14 13:36:40 | 000,007,595 | ---- | M] () -- C:\Users\Spencer\AppData\Local\Resmon.ResmonCfg
[2012/06/12 23:31:34 | 004,999,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/11 19:55:12 | 000,002,418 | ---- | M] () -- C:\Users\Spencer\Desktop\Google Chrome.lnk
[2012/06/08 16:57:02 | 000,001,196 | ---- | M] () -- C:\Users\Spencer\Desktop\Videos.lnk
[2012/06/06 16:26:18 | 000,000,512 | ---- | M] () -- C:\Users\Spencer\Documents\cc_20120606_162616.reg
[2012/06/06 16:25:57 | 000,136,628 | ---- | M] () -- C:\Users\Spencer\Documents\cc_20120606_162551.reg
[2012/06/06 16:25:22 | 001,835,836 | ---- | M] () -- C:\Users\Spencer\Documents\cc_20120606_162435.reg
[2012/06/03 01:35:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012/06/03 01:33:02 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3xhc.sys
[2012/06/03 01:33:02 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3hub.sys
[2012/06/03 01:33:02 | 000,081,920 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\nusb3co2.dll

========== Files Created - No Company Name ==========

[2012/06/29 20:39:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/29 20:39:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/29 20:39:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/29 20:39:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/29 20:39:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/29 08:24:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/29 02:14:04 | 000,000,012 | ---- | C] () -- C:\Users\Spencer\Desktop\ff.bat
[2012/06/29 01:40:58 | 000,000,448 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/06/29 01:40:55 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/06/06 16:26:17 | 000,000,512 | ---- | C] () -- C:\Users\Spencer\Documents\cc_20120606_162616.reg
[2012/06/06 16:25:52 | 000,136,628 | ---- | C] () -- C:\Users\Spencer\Documents\cc_20120606_162551.reg
[2012/06/06 16:24:38 | 001,835,836 | ---- | C] () -- C:\Users\Spencer\Documents\cc_20120606_162435.reg
[2012/06/03 11:39:54 | 000,002,139 | ---- | C] () -- C:\Users\Spencer\Desktop\Skype.lnk
[2012/06/03 01:35:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012/05/31 13:27:55 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/28 00:21:14 | 000,007,595 | ---- | C] () -- C:\Users\Spencer\AppData\Local\Resmon.ResmonCfg
[2012/05/27 01:29:52 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/05/26 23:03:57 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/05/26 14:04:45 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012/05/25 19:24:35 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/05/22 19:53:54 | 000,808,222 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/08 21:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/08 21:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/10/27 02:01:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/27 01:54:04 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/10/27 01:52:45 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/13 07:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/25 22:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/25 22:16:08 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

========== LOP Check ==========

[2012/06/29 02:25:11 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\.minecraft
[2012/06/29 01:40:57 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\DriverCure
[2012/05/25 17:47:09 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\GameTuts
[2012/06/29 01:31:14 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\GetRightToGo
[2012/06/16 03:37:20 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\IDT
[2012/06/27 21:08:39 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\IMVU
[2012/06/29 02:26:25 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\IMVUClient
[2012/05/25 17:21:54 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\Kalypso Media
[2012/05/26 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\Petroglyph
[2012/06/29 01:40:57 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\SpeedyPC Software
[2012/06/21 23:37:34 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\SPORE
[2012/05/26 21:55:02 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\Stardock
[2010/04/22 00:57:19 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\Synaptics
[2012/05/25 20:55:37 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\Tropico 4
[2012/06/28 13:30:31 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\uTorrent
[2012/05/28 14:08:57 | 000,000,000 | ---D | M] -- C:\Users\Spencer\AppData\Roaming\Windows Live Writer
[2009/07/13 22:08:49 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/29 01:40:58 | 000,000,448 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/06/29 01:40:55 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/11/20 20:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/06/29 21:15:01 | 000,028,125 | ---- | M] () -- C:\ComboFix.txt
[2012/06/29 20:59:46 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 20:59:48 | 4240,293,887 | -HS- | M] () -- C:\pagefile.sys
[2012/06/28 11:05:14 | 000,137,704 | ---- | M] () -- C:\TDSSKiller.2.7.42.0_28.06.2012_11.03.32_log.txt
[2012/06/28 13:36:43 | 000,272,854 | ---- | M] () -- C:\TDSSKiller.2.7.42.0_28.06.2012_13.34.24_log.txt
[2012/06/29 02:48:53 | 000,276,448 | ---- | M] () -- C:\TDSSKiller.2.7.42.0_29.06.2012_02.46.47_log.txt
[2012/06/29 03:13:38 | 000,273,704 | ---- | M] () -- C:\TDSSKiller.2.7.42.0_29.06.2012_03.12.08_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/04/22 00:58:04 | 000,000,221 | -HS- | M] () -- C:\Users\Spencer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/29 20:25:06 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\Spencer\Desktop\ComboFix.exe
[2012/06/29 21:47:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/29 21:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/27 16:32:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2633730853-1098832519-2509257754-1000Core.job
[2012/06/29 21:32:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2633730853-1098832519-2509257754-1000UA.job
[2012/06/23 18:13:40 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSpencer.job
[2012/06/29 21:00:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/13 22:08:49 | 000,032,646 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012/06/29 01:40:58 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/06/29 01:40:55 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/05/22 19:29:32 | 000,000,402 | -HS- | M] () -- C:\Users\Spencer\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TempFC5A2B2
< End of report >

 

[Fantafe]

2

 

[Fantafe]

OTL Extras logfile created on: 6/29/2012 9:49:19 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Spencer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.80 Gb Available Physical Memory | 72.93% Memory free
15.90 Gb Paging File | 13.67 Gb Available in Paging File | 86.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.13 Gb Total Space | 655.87 Gb Free Space | 71.98% Space Free | Partition Type: NTFS
Drive D: | 20.08 Gb Total Space | 2.18 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive G: | 3.74 Gb Total Space | 3.59 Gb Free Space | 96.05% Space Free | Partition Type: FAT32

Computer Name: WIN-VFVV4BKR1AB | User Name: Spencer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9FADAFB6-4D7D-48DB-958C-8D3988E611CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9EB10F9-84BE-4873-9E8A-7398C5FED68D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EF15F75-3DA2-2167-CB03-D096BD1D96FE}" = AMD Accelerated Video Transcoding
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}" = HP Officejet 6500 E710n-z Basic Device Software
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}" = HP Officejet 6500 E710n-z Product Improvement Study
"{D9E4FD9A-F224-46DD-DB34-07CBAAC751B9}" = AMD Media Foundation Decoders
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC0C2372-95DC-0BDF-D9F0-0183D60EDA7B}" = AMD Drag and Drop Transcoding
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB8CB62-1D52-189E-6C4F-FE92C28AD733}" = ATI AVIVO64 Codecs
"{F3CC3FF6-CF70-3B19-98FE-A411068E231B}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00153A85-0945-799E-46A5-C92D3C6F852E}" = CCC Help Korean
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B0D915A-757F-4B87-8E6B-FDBF0F441E8D}" = HP Documentation
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{253150A5-DC0A-2080-9A5F-5D1D7D5FE538}" = CCC Help German
"{26373639-CF84-06C2-066F-9C8306F7DE1C}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2833C032-ADB3-DDFF-94BC-E4F556A57A39}" = CCC Help Chinese Standard
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars Knights of the Old Republic
"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0
"{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1" = Penumbra Episode 1
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}" = HP SimplePass 2011
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343CDF30-F02E-00A0-C681-3266755A9CF9}" = CCC Help Thai
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{465952F9-CEC8-FD8C-574A-A6CE7A4FE9A6}" = CCC Help French
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D975D-9BF3-43CF-AA30-7186CEE3D9DE}" = STOPzilla
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{5052F2A7-5DDE-47F5-BF29-673C10F3DA87}_is1" = Penumbra Requiem
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56DCD20A-E558-4396-AF59-14D15AA737BB}" = DWGeditor
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57C52D54-F464-0C21-6E2D-DF3CA0D16199}" = CCC Help Czech
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel(R) Wireless Display
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71B4B6ED-C675-1947-1830-163C63C52C80}" = CCC Help Finnish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7336979E-3A74-E6EE-B0EF-715EEAAE4D12}" = CCC Help Polish
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C6D633F-CD63-538F-0D46-BBFA89BE2CA7}" = CCC Help Italian
"{8299C2A2-B636-AE0D-ECDB-4358535DCC71}" = CCC Help Russian
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{8753E305-2735-A63F-FA35-EA98C9FA70F6}" = CCC Help Danish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F882BD9-0CF9-3DD3-FE6F-3A796F63EBCD}" = CCC Help Hungarian
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft

 

[Fantafe]

Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{91BF0423-BB43-272D-80E1-A5873E17365C}" = CCC Help Greek
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9945F35E-85EF-4759-A95C-2E10AA34EA58}" = ESU for Microsoft Windows 7 SP1
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5D5108C-E812-678A-91FE-29D1BDAE636A}" = Catalyst Control Center
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A82DC409-6B11-127D-A53C-CD0496FF54A6}" = CCC Help Turkish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACF57150-4C0B-87D5-68B3-2E0119C00FB7}" = CCC Help Japanese
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP0
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B805B3B9-B49E-D4EA-AC63-627236C88ECA}" = CCC Help Swedish
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C69B6BEC-7210-CC4B-0F47-9249E7275899}" = CCC Help Norwegian
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D510ABE2-54BC-1B28-536A-93ED833C79D8}" = CCC Help English
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E049D7E3-E539-B0CD-1A30-6E0F34EEE85F}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E4AE4C6A-891A-3500-1C3E-7A0AA6C65D02}" = CCC Help Dutch
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EA50CFE3-9956-C898-0B39-FF72CF7DE840}" = CCC Help Spanish
"{EA5700B4-7DD1-68DE-8F44-7C2B48E59572}" = HydraVision
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EC8CD933-2705-E3A4-C559-A94F32CEE3E1}" = CCC Help Chinese Traditional
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8D01829-1CA1-39E2-9FA2-4A5F06F96595}" = Catalyst Control Center Graphics Previews Common
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Counter-Strike 1.6" = Counter-Strike 1.6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"EVE" = EVE Online (remove only)
"Fallout New Vegas_is1" = Fallout New Vegas
"Galactic Civilizations II - Dread Lords" = Galactic Civilizations II - Dread Lords
"Halo" = Microsoft Halo
"Impulse" = Impulse
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"MW3v1.4.382" = MW3
"OpenAL" = OpenAL
"Postal 2_is1" = Portal 2
"PowerISO" = PowerISO
"PremElem90" = Adobe Premiere Elements 9
"ProInst" = Intel PROSet Wireless
"SolidWorks Installation Manager 20100-40000-1100-200" = SolidWorks 2010 SP0
"SP42233" = HP Softpaq SP42233
"Steam App 440" = Team Fortress 2
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VIP Access SDK" = VIP Access SDK (1.0.1.2)
"VLC media player" = VLC media player 2.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WTA-07423c9a-1dae-4776-871c-051c92550cee" = Mah Jong Medley
"WTA-0ca27c74-7e64-4890-817a-d50985a113e3" = Bejeweled 3
"WTA-14aff17a-1a7c-4ca5-912e-5ae4c32aad3f" = Cake Mania
"WTA-1e63968c-e2ab-4ad8-8dc3-9e9131c49bd9" = Penguins!
"WTA-25b6fc56-400f-481b-85e2-d9feec3d2eb7" = Plants vs. Zombies - Game of the Year
"WTA-26cf44f8-bc7e-44e3-8a3c-5561ce991975" = Cradle of Rome 2
"WTA-30cd400b-692a-488b-aae5-e94b7c61cb0e" = Farm Frenzy
"WTA-379a73ec-10fd-4422-b9fa-ad35404f83ca" = Mystery of Mortlake Mansion
"WTA-48ca9220-aced-4b7e-a0e7-ab6b53120bd8" = Blackhawk Striker 2
"WTA-51ddbcb8-355a-4852-b638-7ff7a2b187c9" = Chuzzle Deluxe
"WTA-629fca0d-e779-4a59-82cc-3063b912b5ac" = FATE
"WTA-711a55b4-a6dc-4010-9812-a447eadc7823" = Slingo Supreme
"WTA-783d8a7f-2a9e-4cfe-9d80-6a898c6eea59" = Poker Superstars III
"WTA-7b737238-87d8-45c7-8d89-f3c4b0d97a1e" = Vacation Quest - The Hawaiian Islands
"WTA-843e8832-f969-4aae-a2ae-9b2b24895c95" = Virtual Villagers 5 - New Believers
"WTA-8b884303-dded-434e-835e-22faa0cbeb57" = Blasterball 3
"WTA-a625096b-5c27-40db-a125-384a1907d676" = Agatha Christie - Peril at End House
"WTA-ac070de8-55fc-4188-a8fc-b85461884f34" = Governor of Poker 2 Premium Edition
"WTA-c8ed2314-1bae-408d-bece-67c09cab9039" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-ca97bef9-b516-4235-b971-fcc4aec79115" = Bounce Symphony
"WTA-ce474c7c-6d2f-4ee2-8cb8-ee3b0dcc8f39" = Polar Golfer
"WTA-e70cbc3f-eacb-45e6-9149-96765d5170a8" = Polar Bowler
"WTA-ef0c85bf-5596-4180-93f3-801bf2b4705d" = Namco All-Stars: PAC-MAN
"WTA-f3872f59-d607-4a54-b250-47700a019bda" = Chronicles of Albian
"WTA-f49db01d-f173-4c35-872e-586ceac07444" = Zuma Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2633730853-1098832519-2509257754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Tropico 4" = Tropico 4 1.00

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/28/2012 2:01:05 PM | Computer Name = Spencer-HP | Source = Windows Search Service | ID = 3028
Description =

Error - 6/28/2012 2:01:05 PM | Computer Name = Spencer-HP | Source = Windows Search Service | ID = 3058
Description =

Error - 6/28/2012 2:01:05 PM | Computer Name = Spencer-HP | Source = Windows Search Service | ID = 7010
Description =

Error - 6/28/2012 2:01:05 PM | Computer Name = Spencer-HP | Source = Windows Search Service | ID = 7042
Description =

Error - 6/28/2012 2:03:25 PM | Computer Name = Spencer-HP | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.60.0.80 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1718 Start Time:
01cd55582f671017 Termination Time: 0 Application Path: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Report Id: 8c41acd2-c14b-11e1-a5b0-101f741d2bee

Error - 6/28/2012 2:06:15 PM | Computer Name = Spencer-HP | Source = WinMgmt | ID = 10
Description =

Error - 6/28/2012 2:27:47 PM | Computer Name = Spencer-HP | Source = MsiInstaller | ID = 10005
Description =

Error - 6/28/2012 2:31:08 PM | Computer Name = Spencer-HP | Source = WinMgmt | ID = 10
Description =

Error - 6/28/2012 2:38:12 PM | Computer Name = Spencer-HP | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.
System
Error: The RPC server is unavailable. .

Error - 6/28/2012 2:38:43 PM | Computer Name = Spencer-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 5/23/2012 3:27:27 AM | Computer Name = Spencer-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233079 at System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource
resource) at HP.SupportAssistant.UI.DialogWindows.GenMessage.GenMessage_Closing(Object
sender, CancelEventArgs e) at System.Windows.Window.OnClosing(CancelEventArgs
e) at System.Windows.Window.InternalClose(Boolean shutdown, Boolean ignoreCancel)
at System.Windows.Application.DoShutdown() at System.Windows.Application.ShutdownImpl()
at System.Windows.Application.ShutdownCallback(Object arg) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
Nullable object must have a value. StackTrace: at System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource
resource) at HP.SupportAssistant.UI.DialogWindows.GenMessage.GenMessage_Closing(Object
sender, CancelEventArgs e) at System.Windows.Window.OnClosing(CancelEventArgs
e) at System.Windows.Window.InternalClose(Boolean shutdown, Boolean ignoreCancel)
at System.Windows.Application.DoShutdown() at System.Windows.Application.ShutdownImpl()
at System.Windows.Application.ShutdownCallback(Object arg) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
mscorlib Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization: 20 TargetSite:
Void ThrowInvalidOperationException(System.ExceptionResource)

Error - 6/16/2012 12:18:18 AM | Computer Name = Spencer-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/b3efdcc6_7cd6_420f_b98b_9ee3bf391009/fmdjite039xgpjdmgpriaqxd_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8139 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String)

Error - 6/22/2012 10:58:48 PM | Computer Name = Spencer-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/1cc99e1f_15dd_4132_8881_ed68317b4583/qboipkhyanbvmfihlgxz4jub_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8139 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 6/29/2012 4:06:30 AM | Computer Name = Spencer-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 8139 Ram
Utilization: 10 TargetSite: Void SetWMISysInformation()

Error - 6/29/2012 4:06:30 AM | Computer Name = Spencer-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261HPSFMsgr.exe at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 8139 Ram
Utilization: 10 TargetSite: Void SetWMISysInformation()

Error - 6/29/2012 11:34:56 PM | Computer Name = Spencer-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Illegal operation attempted on a registry key that has been marked for deletion StackTrace:
at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)
at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask
task) Source: System Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format:
en-US RAM: 8139 Ram Utilization: 20 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 6/29/2012 11:34:57 PM | Computer Name = Spencer-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259HPSFMsgr.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Illegal operation attempted on a registry key that has been marked for deletion StackTrace:
at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)
at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask
task) Source: System Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format:
en-US RAM: 8139 Ram Utilization: 20 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 6/29/2012 11:43:56 PM | Computer Name = Spencer-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis() Message: A device
attached to the system is not functioning StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis() Source: System
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization: 20 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 6/29/2012 11:44:13 PM | Computer Name = Spencer-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Cannot execute a program. The command being executed was "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"
/noconfig /fullpaths @"C:\Windows\TEMP\unduhmmk.cmdline". Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8139 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String)

Error - 6/29/2012 11:44:25 PM | Computer Name = Spencer-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis() Message: A device
attached to the system is not functioning StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis() Source: System
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization: 20 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

[ HP Software Framework Events ]
Error - 6/8/2012 10:04:12 PM | Computer Name = Spencer-HP | Source = CaslWmi | ID = 5
Description = 2012/06/08 19:04:12.220|00002100|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/8/2012 10:04:15 PM | Computer Name = Spencer-HP | Source = CaslWmi | ID = 5
Description = 2012/06/08 19:04:15.003|000023F4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/16/2012 12:18:40 AM | Computer Name = Spencer-HP | Source = CaslWmi | ID = 5
Description = 2012/06/15 21:18:40.186|00000F74|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/16/2012 12:18:41 AM | Computer Name = Spencer-HP | Source = CaslWmi | ID = 5
Description = 2012/06/15 21:18:41.617|00001380|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/22/2012 10:53:29 PM | Computer Name = Spencer-HP | Source = CaslWmi | ID = 5
Description = 2012/06/22 19:53:29.822|000008F8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/22/2012 10:58:51 PM | Computer Name = Spencer-HP | Source = CaslWmi | ID = 5
Description = 2012/06/22 19:58:51.435|00001444|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/22/2012 10:58:52 PM | Computer Name = Spencer-HP | Source = CaslWmi | ID = 5
Description = 2012/06/22 19:58:52.375|000010A0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/22/2012 10:58:55 PM | Computer Name = Spencer-HP | Source = CaslWmi | ID = 5
Description = 2012/06/22 19:58:55.701|00001C30|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/22/2012 10:58:57 PM | Computer Name = Spencer-HP | Source = CaslWmi | ID = 5
Description = 2012/06/22 19:58:57.972|00000A74|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/22/2012 10:58:58 PM | Computer Name = Spencer-HP | Source = CaslWmi | ID = 5
Description = 2012/06/22 19:58:58.937|00001208|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 6/28/2012 8:41:44 PM | Computer Name = Spencer-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/28/2012 8:41:44 PM | Computer Name = Spencer-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/28/2012 8:41:44 PM | Computer Name = Spencer-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/28/2012 8:41:44 PM | Computer Name = Spencer-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/28/2012 8:41:44 PM | Computer Name = Spencer-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/28/2012 8:42:42 PM | Computer Name = Spencer-HP | Source = Microsoft Antimalware | ID = 1119
Description =

Error - 6/28/2012 8:42:43 PM | Computer Name = Spencer-HP | Source = Microsoft Antimalware | ID = 1119
Description =

Error - 6/28/2012 8:44:31 PM | Computer Name = Spencer-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:41:53 PM on ?6/?28/?2012 was unexpected.

Error - 6/28/2012 8:44:32 PM | Computer Name = Spencer-HP | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the Ancillary Function Driver for
Winsock service which failed to start because of the following error: %%31

Error - 6/28/2012 8:44:32 PM | Computer Name = Spencer-HP | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the NetIO Legacy TDI Support Driver
service which failed to start because of the following error: %%31


< End of report >

 

[Broni]

Good news

I don't see any AV program running.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings.

====================================================

OTL logs are clean.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Broni]

Still with me?