Solved PLZZ HELP - system restarting automatically - URGENT

I cannot download from that site.
The file is missing:

"Not Found

The requested URL /data/Windows7Ultimate32bit.iso was not found on this server."
 
Here is the frst.txt

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 27-07-2012 12:29:13
Running from H:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKU\Admin\...\Run: [AdobeBridge] [x]
HKU\Admin\...\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

================================ Services (Whitelisted) ==================

2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [225280 2009-12-22] ()
2 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-15] (NVIDIA Corporation)
2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [381248 2011-10-14] (NVIDIA Corporation)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1343400 2010-12-12] ()
2 WindowBlinds; C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe [230648 2009-06-04] (Stardock Corporation)
2 AffinegyService; "C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe" [x]
2 Akamai; c:\program files\common files\akamai/netsession_win_4f7fccd.dll [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 PSI_SVC_2; "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

2 Dokan; \??\C:\Windows\system32\drivers\dokan.sys [95744 2011-01-10] (Windows (R) Win 7 DDK provider)
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [101504 2012-06-07] (Huawei Technologies Co., Ltd.)
2 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [96056 2012-04-23] (Tonec Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-26] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
3 PPPoEWin; C:\Windows\System32\DRIVERS\PPPoEWin.SYS [102119 2003-08-10] ()
3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]
3 npkcrypt; \??\D:\VanRORE\npkcrypt.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-26 20:12 - 2012-07-26 20:12 - 00000000 ____D C:\FRST
2012-07-26 18:33 - 2012-07-26 18:41 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-26 17:59 - 2012-07-26 18:37 - 00002243 ____A C:\Windows\epplauncher.mif
2012-07-26 17:57 - 2012-07-26 17:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-26 17:47 - 2012-07-26 17:48 - 00000236 ____A C:\Users\Admin\Downloads\FxSasser.log
2012-07-26 17:46 - 2012-07-26 17:46 - 00151696 ____A (Symantec Corporation) C:\Users\Admin\Downloads\fxsasser.exe
2012-07-26 17:39 - 2012-07-26 17:40 - 05721904 ____A C:\Users\Admin\Downloads\BitDefender_Uninstall_Tool.exe
2012-07-26 17:23 - 2012-07-26 20:18 - 00001064 ____A C:\Windows\setupact.log
2012-07-26 17:23 - 2012-07-26 17:49 - 00008468 ____A C:\Windows\PFRO.log
2012-07-26 17:23 - 2012-07-26 17:23 - 00000000 ____A C:\Windows\setuperr.log
2012-07-26 16:54 - 2012-07-26 16:54 - 00001070 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-26 16:54 - 2012-07-26 16:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-26 16:54 - 2012-07-26 16:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-07-26 16:54 - 2012-07-26 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-26 16:54 - 2012-07-03 00:16 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-26 16:52 - 2012-07-26 16:54 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-26 16:47 - 2012-07-26 16:47 - 00000759 ____A C:\rkill.log
2012-07-26 16:46 - 2012-07-26 16:46 - 01012656 ____A C:\Users\Admin\Downloads\rkill.exe
2012-07-26 16:24 - 2012-01-23 10:03 - 00000000 ____D C:\Users\Admin\Desktop\CIntRep-1-2-8-1288
2012-07-26 16:22 - 2012-07-26 16:23 - 00449373 ____A C:\Users\Admin\Downloads\CIntRep-1-2-8-1288.zip
2012-07-26 16:05 - 2012-07-26 16:05 - 00001680 ____A C:\Users\Admin\Desktop\afd7.reg
2012-07-26 15:55 - 2012-07-26 16:01 - 32371496 ____A C:\Users\Admin\Downloads\Fix No Internet Connection After Virus Malware Removal by Britec.mp4
2012-07-26 15:36 - 2012-07-26 15:36 - 00000134 ____A C:\Users\Admin\Downloads\hosts-perm.bat
2012-07-26 15:29 - 2012-07-26 15:30 - 00075995 ____A C:\Users\Admin\Desktop\status.htm
2012-07-26 15:28 - 2012-07-26 17:12 - 00005384 ____A C:\Users\Admin\Desktop\FSS.txt
2012-07-26 15:19 - 2012-07-26 15:19 - 00694833 ____A (Farbar) C:\Users\Admin\Desktop\FSS.exe
2012-07-26 15:18 - 2012-07-26 15:18 - 00001680 ____A C:\Users\Admin\Desktop\AFD-7.reg
2012-07-26 10:47 - 2012-07-02 13:43 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-26 10:40 - 2012-07-26 10:40 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-26 10:37 - 2012-07-26 10:37 - 16373192 ____A (Microsoft Corporation) C:\Users\Admin\Downloads\Windows-KB890830-V4.10.exe
2012-07-26 10:31 - 2012-07-26 10:36 - 70705184 ____A (Microsoft Corporation) C:\Users\Admin\Downloads\msert.exe
2012-07-19 03:08 - 2012-07-19 03:09 - 00000000 ____D C:\Users\Admin\Documents\NFS Most Wanted
2012-07-17 08:22 - 2012-07-17 08:22 - 00071160 ____A C:\Users\Admin\Desktop\eluveitie_thousandfold.gp5
2012-07-12 06:06 - 2012-07-12 06:13 - 05988947 ____A C:\Users\Admin\Desktop\file611(pcfavour.blogspot.com).zip
2012-07-10 06:06 - 2012-07-10 06:09 - 19622162 ____A C:\Users\Admin\Desktop\BYD Corporate Presentation.pptx
2012-07-10 03:42 - 2012-07-18 00:23 - 420094084 ____A C:\Users\Admin\Downloads\Sony.Vegas.Pro.v11.Build.510.511.(32Bit-64Bit).DI.DM999.rar
2012-07-10 03:23 - 2009-12-14 06:09 - 00249344 ____A (TheWindowsClub) C:\Users\Admin\CleanDesktop.exe
2012-07-10 03:22 - 2012-07-10 03:22 - 00000448 _RASH C:\Users\Admin\ntuser.pol
2012-07-07 11:34 - 2012-07-24 05:28 - 00000098 ____A C:\Users\Admin\Documents\zer.txt
2012-06-30 20:54 - 2012-06-30 20:54 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-7238265-1896125294-3291190998-1000Core1cd574589cbd733.job
2012-06-28 20:58 - 2012-06-28 20:58 - 01432093 ____A C:\Users\Admin\1trio.ai
2012-06-28 09:35 - 2012-06-28 09:35 - 00000000 ____D C:\Users\Admin\Oracle
2012-06-28 09:33 - 2012-06-28 09:33 - 00000000 ____D C:\oraclexe
2012-06-28 09:32 - 2011-08-28 11:38 - 00000000 ____D C:\Users\Admin\DISK1

============ 3 Months Modified Files ========================

2012-07-26 20:18 - 2012-07-26 17:23 - 00001064 ____A C:\Windows\setupact.log
2012-07-26 20:15 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-26 18:43 - 2011-11-11 23:55 - 01623910 ____A C:\Windows\WindowsUpdate.log
2012-07-26 18:41 - 2012-07-26 18:33 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-26 18:37 - 2012-07-26 17:59 - 00002243 ____A C:\Windows\epplauncher.mif
2012-07-26 18:23 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-26 17:58 - 2009-11-03 08:39 - 00803758 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 17:49 - 2012-07-26 17:23 - 00008468 ____A C:\Windows\PFRO.log
2012-07-26 17:48 - 2012-07-26 17:47 - 00000236 ____A C:\Users\Admin\Downloads\FxSasser.log
2012-07-26 17:46 - 2012-07-26 17:46 - 00151696 ____A (Symantec Corporation) C:\Users\Admin\Downloads\fxsasser.exe
2012-07-26 17:40 - 2012-07-26 17:39 - 05721904 ____A C:\Users\Admin\Downloads\BitDefender_Uninstall_Tool.exe
2012-07-26 17:29 - 2009-07-13 20:53 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-26 17:28 - 2010-12-12 19:52 - 00000132 ____A C:\Windows\System32\rezumatenoi.dat
2012-07-26 17:23 - 2012-07-26 17:23 - 00000000 ____A C:\Windows\setuperr.log
2012-07-26 17:12 - 2012-07-26 15:28 - 00005384 ____A C:\Users\Admin\Desktop\FSS.txt
2012-07-26 16:59 - 2012-01-20 01:35 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-7238265-1896125294-3291190998-1000UA.job
2012-07-26 16:54 - 2012-07-26 16:54 - 00001070 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-26 16:54 - 2012-07-26 16:52 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-26 16:47 - 2012-07-26 16:47 - 00000759 ____A C:\rkill.log
2012-07-26 16:46 - 2012-07-26 16:46 - 01012656 ____A C:\Users\Admin\Downloads\rkill.exe
2012-07-26 16:23 - 2012-07-26 16:22 - 00449373 ____A C:\Users\Admin\Downloads\CIntRep-1-2-8-1288.zip
2012-07-26 16:05 - 2012-07-26 16:05 - 00001680 ____A C:\Users\Admin\Desktop\afd7.reg
2012-07-26 16:01 - 2012-07-26 15:55 - 32371496 ____A C:\Users\Admin\Downloads\Fix No Internet Connection After Virus Malware Removal by Britec.mp4
2012-07-26 15:37 - 2009-07-13 18:04 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-07-26 15:36 - 2012-07-26 15:36 - 00000134 ____A C:\Users\Admin\Downloads\hosts-perm.bat
2012-07-26 15:30 - 2012-07-26 15:29 - 00075995 ____A C:\Users\Admin\Desktop\status.htm
2012-07-26 15:19 - 2012-07-26 15:19 - 00694833 ____A (Farbar) C:\Users\Admin\Desktop\FSS.exe
2012-07-26 15:18 - 2012-07-26 15:18 - 00001680 ____A C:\Users\Admin\Desktop\AFD-7.reg
2012-07-26 15:05 - 2012-02-06 07:04 - 00000406 _RASH C:\Users\All Users\ntuser.pol
2012-07-26 10:37 - 2012-07-26 10:37 - 16373192 ____A (Microsoft Corporation) C:\Users\Admin\Downloads\Windows-KB890830-V4.10.exe
2012-07-26 10:36 - 2012-07-26 10:31 - 70705184 ____A (Microsoft Corporation) C:\Users\Admin\Downloads\msert.exe
2012-07-24 05:28 - 2012-07-07 11:34 - 00000098 ____A C:\Users\Admin\Documents\zer.txt
2012-07-20 09:08 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-20 09:08 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-18 00:23 - 2012-07-10 03:42 - 420094084 ____A C:\Users\Admin\Downloads\Sony.Vegas.Pro.v11.Build.510.511.(32Bit-64Bit).DI.DM999.rar
2012-07-17 08:22 - 2012-07-17 08:22 - 00071160 ____A C:\Users\Admin\Desktop\eluveitie_thousandfold.gp5
2012-07-12 06:13 - 2012-07-12 06:06 - 05988947 ____A C:\Users\Admin\Desktop\file611(pcfavour.blogspot.com).zip
2012-07-10 20:02 - 2009-11-03 08:29 - 07376616 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 06:09 - 2012-07-10 06:06 - 19622162 ____A C:\Users\Admin\Desktop\BYD Corporate Presentation.pptx
2012-07-10 03:22 - 2012-07-10 03:22 - 00000448 _RASH C:\Users\Admin\ntuser.pol
2012-07-10 03:21 - 2009-11-03 08:42 - 00189864 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-03 00:16 - 2012-07-26 16:54 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 13:43 - 2012-07-26 10:47 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-30 20:54 - 2012-06-30 20:54 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-7238265-1896125294-3291190998-1000Core1cd574589cbd733.job
2012-06-28 20:58 - 2012-06-28 20:58 - 01432093 ____A C:\Users\Admin\1trio.ai
2012-06-28 20:57 - 2012-06-26 08:43 - 01164410 ____A C:\Users\Admin\trio.ai
2012-06-28 08:59 - 2011-08-24 06:13 - 00045270 ____A C:\Users\Admin\AppData\Roaming\room_v3.dat
2012-06-26 08:34 - 2012-06-17 08:21 - 00097280 __ASH C:\Users\Admin\Thumbs.db
2012-06-22 23:23 - 2012-06-22 23:23 - 00511276 ___AH C:\Windows\MEMORY.DMP
2012-06-18 07:01 - 2012-06-18 07:01 - 00001171 ____A C:\Users\UpdatusUser\Desktop\Kundli for Windows(Lite) 5.0.lnk
2012-06-17 08:16 - 2012-06-17 08:16 - 00955069 ____A C:\Users\Admin\Come When I Call-John Mayer.m4r
2012-06-15 23:12 - 2012-04-20 22:55 - 00000234 ____A C:\Windows\Tasks\SidebarExecute.job
2012-06-15 22:26 - 2012-06-15 22:26 - 00000031 ____A C:\Users\Admin\Documents\zcs.txt
2012-06-08 09:17 - 2012-06-08 09:17 - 00286720 ____A (Indigo Rose Corporation) C:\Windows\iun503.exe
2012-06-07 05:42 - 2012-06-07 05:42 - 00861696 ____A (DiBcom SA) C:\Windows\System32\Drivers\mod7700.sys
2012-06-07 05:42 - 2012-06-07 05:42 - 00204288 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbnet.sys
2012-06-07 05:42 - 2012-06-07 05:42 - 00105984 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
2012-06-07 05:42 - 2012-06-07 05:42 - 00101504 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbdev.sys
2012-06-07 05:42 - 2012-06-07 05:42 - 00027136 ____A (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
2012-06-07 05:42 - 2012-06-07 05:42 - 00011136 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_usbenumfilter.sys
2012-05-15 21:08 - 2012-04-25 22:44 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-15 21:08 - 2012-04-25 22:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-15 21:08 - 2011-11-30 23:35 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-10 01:14 - 2012-05-10 01:14 - 00002210 ____A C:\Users\Admin\Documents\soumil resume.txt
2012-05-02 01:14 - 2012-02-11 22:31 - 00119378 ____A C:\Windows\FontData.fdb


ZeroAccess:
C:\Windows\Installer\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}
C:\Windows\Installer\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\@
C:\Windows\Installer\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\L
C:\Windows\Installer\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\U
C:\Windows\Installer\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\U\00000001.@
C:\Windows\Installer\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\U\80000000.@
C:\Windows\Installer\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\U\800000cb.@

ZeroAccess:
C:\Users\Admin\AppData\Local\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}
C:\Users\Admin\AppData\Local\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\@
C:\Users\Admin\AppData\Local\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\L
C:\Users\Admin\AppData\Local\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\n
C:\Users\Admin\AppData\Local\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2010-12-12 02:50] - [2009-04-11 09:12] - 2641408 ____A (Microsoft Corporation) 4F327F02E252702E7C3E2FED63349A2E

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4094.49 MB
Available physical RAM: 3572.1 MB
Total Pagefile: 4092.77 MB
Available Pagefile: 3575.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.22 MB

======================= Partitions =========================

1 Drive c: (Win7X86) (Fixed) (Total:146.48 GB) (Free:49.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Vinay) (Fixed) (Total:146.48 GB) (Free:13.55 GB) NTFS
3 Drive f: (500 - Soumil 2) (Fixed) (Total:172.79 GB) (Free:11.39 GB) NTFS
4 Drive g: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
5 Drive h: (TRANSCEND) (Removable) (Total:3.77 GB) (Free:1.81 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: () (Fixed) (Total:69.35 GB) (Free:10.59 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 1024 KB
Disk 1 Online 465 GB 7168 KB
Disk 2 Online 3864 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 69 GB 31 KB
Partition 0 Extended 42 GB 69 GB
Partition 2 Logical 38 GB 69 GB
Partition 3 Logical 4094 MB 107 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 69 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 3
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 146 GB 31 KB
Partition 0 Extended 319 GB 146 GB
Partition 2 Logical 146 GB 146 GB
Partition 3 Logical 172 GB 292 GB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Win7X86 NTFS Partition 146 GB Healthy

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Vinay NTFS Partition 146 GB Healthy

==================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F 500 - Soumi NTFS Partition 172 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3863 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H TRANSCEND FAT32 Removable 3863 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-01-19 10:58

======================= End Of Log ==========================
 
Here is search.txt

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-27 12:31:05
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-26 18:23] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
 
You did it!

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2** for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
Fixlog.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-27 21:08:59 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{3ca6a52d-2ebe-7fc0-b227-048193b885b9} moved successfully.
C:\Users\Admin\AppData\Local\{3ca6a52d-2ebe-7fc0-b227-048193b885b9} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
Combofix logs

ComboFix 12-07-27.03 - Admin 07/27/2012 21:16:12.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1258.84.1033.18.3070.2059 [GMT 5.5:30]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Enabled/Outdated* {5988F8C3-A12C-B8DD-7291-D5248C8353F8}
FW: BitDefender Firewall *Enabled* {61B379E6-EB43-B985-59CE-7C1172501483}
SP: BitDefender Antispyware *Enabled/Outdated* {E2E91927-8716-B753-4821-EE56F7041945}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\windows\Readme.txt
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\handler.reg
c:\windows\system32\oledb32.dll
c:\windows\system32\setup.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 15:51 . 2012-07-27 15:53 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-07-27 15:51 . 2012-07-27 15:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-27 15:51 . 2012-07-27 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 04:12 . 2012-07-27 04:12 -------- d-----w- C:\FRST
2012-07-27 02:33 . 2012-07-27 02:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-27 02:26 . 2012-07-27 02:26 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF580672-264F-4AF3-A1C9-C622D3BDB750}\MpKsl6e1307b6.sys
2012-07-27 02:19 . 2012-07-27 15:53 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF580672-264F-4AF3-A1C9-C622D3BDB750}\offreg.dll
2012-07-27 02:19 . 2012-07-27 02:19 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF580672-264F-4AF3-A1C9-C622D3BDB750}\MpKsl6b4e84bc.sys
2012-07-27 02:06 . 2012-07-27 02:06 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF580672-264F-4AF3-A1C9-C622D3BDB750}\MpKsl0adfc485.sys
2012-07-27 02:03 . 2012-02-09 08:47 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-27 02:03 . 2012-02-09 08:47 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{669460CF-8F45-4190-8E32-8536D170BB46}\gapaengine.dll
2012-07-27 02:02 . 2012-07-15 21:11 6891424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF580672-264F-4AF3-A1C9-C622D3BDB750}\mpengine.dll
2012-07-27 01:57 . 2012-07-27 01:58 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-27 00:54 . 2012-07-27 00:54 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-07-27 00:54 . 2012-07-27 00:54 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 00:54 . 2012-07-27 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-27 00:54 . 2012-07-03 08:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 18:40 . 2012-07-26 18:40 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-10 11:23 . 2009-12-14 14:09 249344 ----a-w- c:\users\Admin\CleanDesktop.exe
2012-06-29 04:13 . 2012-06-29 04:13 -------- d-----w- c:\windows\system32\config\systemprofile\Oracle
2012-06-28 17:35 . 2012-06-28 17:35 -------- d-----w- c:\users\Admin\Oracle
2012-06-28 17:33 . 2012-06-28 17:33 -------- d-----w- C:\oraclexe
2012-06-28 17:32 . 2011-08-28 19:38 -------- d-----w- c:\users\Admin\DISK1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 17:17 . 2012-06-08 17:17 286720 ----a-w- c:\windows\iun503.exe
2012-06-07 13:42 . 2012-06-07 13:42 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-06-07 13:42 . 2012-06-07 13:42 27136 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-06-07 13:42 . 2012-06-07 13:42 204288 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-06-07 13:42 . 2012-06-07 13:42 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-06-07 13:42 . 2012-06-07 13:42 105984 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-06-07 13:42 . 2012-06-07 13:42 101504 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2012-05-16 05:08 . 2012-04-26 06:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 05:08 . 2011-12-01 07:35 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-20 06:19 . 2011-12-10 05:28 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-18 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[-] 2009-10-30 . 5DECCD8F824007CE7ED0ADF917F53FC7 . 2870272 . . [6.1.7600.16385] . . c:\windows\Resources\Themes\Snow Leopard for Windows7\System Files\explorer\64 BIT\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[-] 2009-04-11 . 4F327F02E252702E7C3E2FED63349A2E . 2641408 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2009-04-11 . 4F327F02E252702E7C3E2FED63349A2E . 2641408 . . [6.1.7600.16385] . . c:\windows\Resources\Themes\Snow Leopard for Windows7\System Files\explorer\32 BIT\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{601B3B7D-9106-4F09-B562-6AD52934BAF1}]
2012-03-27 00:31 141312 ------w- c:\programdata\CodecC\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
backup=c:\windows\pss\My_AutoWarkey_Script.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-10-25 09:43 821144 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-10-25 09:43 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-10-25 09:43 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 02:28 611712 ------w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 23:27 406992 ------w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-05-26 01:02 4327744 ----a-w- c:\users\Admin\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 17:55 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-18 14:32 136176 ----atw- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:17 31016 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 14:00 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2012-04-23 16:51 3487128 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 14:00 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPhoneDiskDrive]
2011-05-11 02:48 1473024 ----a-w- c:\program files\1am Studios\iPhone Disk Drive\IPhoneDiskDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-07 20:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 08:16 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 11:38 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 14:00 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 08:58 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 09:05 305064 ------w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 06:17 79192 ------w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 08:28 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-06-08 06:54 236016 ------w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-02-07 04:16 396152 ----a-w- c:\users\Admin\Downloads\utorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.189\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 05:08]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-7238265-1896125294-3291190998-1000Core1cd574589cbd733.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 14:32]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-7238265-1896125294-3291190998-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 14:32]
.
2012-06-16 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2009-07-13 01:14]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_USERS\S-1-5-21-7238265-1896125294-3291190998-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):68,9b,e4,5f,b3,1b,ce,1b,39,9b,e2,50,3c,48,8d,b5,3f,99,79,b4,d8,
34,72,8e,fc,2a,cd,09,88,73,47,e6,1f,2c,4e,12,18,c7,f8,7a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-7238265-1896125294-3291190998-1000_Classes\CLSID\{fdeef6bc-b00d-4cb1-bd54-3225cdedf618}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000089
"Therad"=dword:00000013
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(312)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\AUDIODG.EXE
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-27 21:27:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 15:57
.
Pre-Run: 52,826,972,160 bytes free
Post-Run: 52,772,540,416 bytes free
.
- - End Of File - - 9B956C57A5B4BBCD9484146FCFC1D746
 
Looks good :)

How is the computer doing?

============================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Admin :: ADMIN-PC [administrator]

Protection: Disabled

7/28/2012 8:35:39 AM
mbam-log-2012-07-28 (08-35-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225533
Time elapsed: 9 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
OTL logfile created on: 7/28/2012 8:47:39 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Admin\Documents\Downloads\Programs
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 65.92% Memory free
6.00 Gb Paging File | 4.89 Gb Available in Paging File | 81.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 48.95 Gb Free Space | 33.42% Space Free | Partition Type: NTFS
Drive D: | 69.35 Gb Total Space | 10.59 Gb Free Space | 15.27% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 13.55 Gb Free Space | 9.25% Space Free | Partition Type: NTFS
Drive F: | 172.79 Gb Total Space | 11.39 Gb Free Space | 6.59% Space Free | Partition Type: NTFS
Drive G: | 142.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/28 08:36:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\My Documents\Downloads\Programs\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/06/20 11:49:05 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/23 22:21:44 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/12/14 17:29:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/10/15 14:23:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 14:23:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 14:23:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/06/01 22:12:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/01/10 18:19:20 | 000,014,848 | ---- | M] () -- C:\Program Files\Dokan\DokanLibrary\mounter.exe
PRC - [2010/11/23 14:14:10 | 000,099,752 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
PRC - [2009/12/22 14:47:04 | 000,225,280 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009/12/22 14:43:06 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/14 06:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 06:44:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/06/04 15:13:20 | 000,230,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe
PRC - [2009/04/11 22:42:08 | 002,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 11:49:04 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/16 10:38:25 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2012/07/10 23:09:23 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/20 11:49:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/16 10:38:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/14 17:29:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/10/15 14:23:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/01 22:12:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/01/10 18:19:20 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010/12/28 13:16:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/12 22:53:30 | 001,343,400 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/03 00:48:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/22 14:47:04 | 000,225,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/10/20 23:49:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 15:13:20 | 000,230,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Admin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/28 08:19:42 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12268E00-20F4-455C-B56A-283ACBBD824B}\MpKsl045b6d1a.sys -- (MpKsl045b6d1a)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/07 19:12:18 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/06/07 19:12:18 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2012/04/23 16:56:26 | 000,096,056 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/10/15 14:23:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/01/10 18:19:28 | 000,095,744 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\dokan.sys -- (Dokan)
DRV - [2009/10/20 23:49:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/14 06:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 06:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 06:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 05:21:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 04:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 04:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2005/02/01 15:55:40 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\VanRORE\npkcrypt.sys -- (npkcrypt)
DRV - [2003/08/11 09:48:28 | 000,102,119 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PPPoEWin.SYS -- (PPPoEWin)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 F7 86 75 A5 5C CA 01 [binary data]
IE - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.8.2
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/12/22 11:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/03/30 14:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/27 07:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 20:39:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 [2012/07/12 19:44:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 [2012/07/12 19:44:40 | 000,000,000 | ---D | M]

[2010/12/12 13:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/05/02 10:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\extensions
[2012/03/28 08:40:21 | 000,000,000 | ---D | M] (CodecC) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\extensions\info@allpremiumplay.info
[2011/12/10 10:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/06 18:08:11 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/08/28 13:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2012/07/12 19:44:40 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ADMIN\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/06/20 11:49:05 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/29 20:29:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/20 11:49:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/20 11:49:02 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.15\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.15\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.15\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Admin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: CodecC = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnippahjheicjenccifemomfgjofdhp\1.0_0\
CHR - Extension: Gmail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/27 21:23:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (CodecC Class) - {601B3B7D-9106-4F09-B562-6AD52934BAF1} - C:\ProgramData\CodecC\bhoclass.dll (Injector)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKU\S-1-5-21-7238265-1896125294-3291190998-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-7238265-1896125294-3291190998-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-7238265-1896125294-3291190998-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-7238265-1896125294-3291190998-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46C5E2A9-D496-4C02-9E05-182563C256FD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/27 21:27:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/27 21:23:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/27 21:21:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2012/07/27 21:14:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/27 21:14:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/27 21:14:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/27 21:13:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/27 21:12:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/27 21:11:43 | 004,719,842 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012/07/27 09:42:15 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/27 07:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/27 06:24:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012/07/27 06:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/27 06:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/27 06:24:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/27 06:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/27 05:54:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\CIntRep-1-2-8-1288
[2012/07/27 04:49:38 | 000,694,833 | ---- | C] (Farbar) -- C:\Users\Admin\Desktop\FSS.exe
[2012/07/27 00:10:39 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/07/19 16:38:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\NFS Most Wanted
[2012/07/12 19:44:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/07/12 19:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/07/10 16:53:48 | 000,249,344 | ---- | C] (TheWindowsClub) -- C:\Users\Admin\CleanDesktop.exe
[2012/06/28 23:05:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\Oracle
[2012/06/28 23:03:50 | 000,000,000 | ---D | C] -- C:\oraclexe
[2012/06/28 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\DISK1
 
========== Files - Modified Within 30 Days ==========

[2012/07/28 08:25:08 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 08:25:08 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 08:19:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/28 08:18:57 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/28 00:10:57 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-7238265-1896125294-3291190998-1000UA.job
[2012/07/27 21:25:29 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/27 21:23:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/27 21:06:26 | 004,719,842 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012/07/27 08:07:10 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/27 07:28:02 | 000,665,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/27 07:28:02 | 000,126,252 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/27 06:58:41 | 000,000,132 | ---- | M] () -- C:\Windows\System32\rezumatenoi.dat
[2012/07/27 06:24:45 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/27 05:35:14 | 000,001,680 | ---- | M] () -- C:\Users\Admin\Desktop\afd7.reg
[2012/07/27 05:07:29 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2012/07/27 05:07:29 | 000,000,824 | ---- | M] () -- C:\Users\Admin\Desktop\hosts
[2012/07/27 05:00:01 | 000,075,995 | ---- | M] () -- C:\Users\Admin\Desktop\status.htm
[2012/07/27 04:49:46 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\Admin\Desktop\FSS.exe
[2012/07/27 04:48:16 | 000,001,680 | ---- | M] () -- C:\Users\Admin\Desktop\AFD-7.reg
[2012/07/24 21:03:59 | 000,218,501 | ---- | M] () -- C:\Users\Admin\Desktop\CITIBANK_REWARDS_PLATINUM_CARD.pdf
[2012/07/24 18:31:16 | 052,651,605 | ---- | M] () -- C:\Users\Admin\Desktop\Musicians_Institute_-_Basic_Blues_Guitar_-__Instructional_BOOK___CD.pdf
[2012/07/19 15:44:22 | 013,721,650 | ---- | M] () -- C:\Users\Admin\Desktop\Nexzone full page Final Ad_2.pdf
[2012/07/18 11:08:26 | 000,081,272 | ---- | M] () -- C:\Users\Admin\Desktop\Ebranding India Profile.pdf
[2012/07/17 21:52:30 | 000,071,160 | ---- | M] () -- C:\Users\Admin\Desktop\eluveitie_thousandfold.gp5
[2012/07/16 09:58:48 | 000,046,719 | ---- | M] () -- C:\Users\Admin\Desktop\483211_505747729451302_299666559_n.jpg
[2012/07/12 19:43:20 | 005,988,947 | ---- | M] () -- C:\Users\Admin\Desktop\file611(pcfavour.blogspot.com).zip
[2012/07/11 09:32:23 | 007,376,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/10 16:52:10 | 000,000,448 | RHS- | M] () -- C:\Users\Admin\ntuser.pol
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/01 10:24:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-7238265-1896125294-3291190998-1000Core1cd574589cbd733.job
[2012/06/29 10:28:26 | 001,432,093 | ---- | M] () -- C:\Users\Admin\1trio.ai
[2012/06/29 10:27:47 | 001,164,410 | ---- | M] () -- C:\Users\Admin\trio.ai
[2012/06/28 22:29:12 | 000,045,270 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\room_v3.dat

========== Files Created - No Company Name ==========

[2012/07/27 21:14:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/27 21:14:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/27 21:14:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/27 21:14:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/27 21:14:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/27 07:29:32 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/27 07:28:05 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/27 06:24:45 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/27 05:35:14 | 000,001,680 | ---- | C] () -- C:\Users\Admin\Desktop\afd7.reg
[2012/07/27 05:07:29 | 000,000,824 | ---- | C] () -- C:\Users\Admin\Desktop\hosts
[2012/07/27 04:59:59 | 000,075,995 | ---- | C] () -- C:\Users\Admin\Desktop\status.htm
[2012/07/27 04:48:15 | 000,001,680 | ---- | C] () -- C:\Users\Admin\Desktop\AFD-7.reg
[2012/07/24 21:03:59 | 000,218,501 | ---- | C] () -- C:\Users\Admin\Desktop\CITIBANK_REWARDS_PLATINUM_CARD.pdf
[2012/07/24 18:02:19 | 052,651,605 | ---- | C] () -- C:\Users\Admin\Desktop\Musicians_Institute_-_Basic_Blues_Guitar_-__Instructional_BOOK___CD.pdf
[2012/07/19 15:40:59 | 013,721,650 | ---- | C] () -- C:\Users\Admin\Desktop\Nexzone full page Final Ad_2.pdf
[2012/07/18 11:08:25 | 000,081,272 | ---- | C] () -- C:\Users\Admin\Desktop\Ebranding India Profile.pdf
[2012/07/17 21:52:29 | 000,071,160 | ---- | C] () -- C:\Users\Admin\Desktop\eluveitie_thousandfold.gp5
[2012/07/16 09:58:47 | 000,046,719 | ---- | C] () -- C:\Users\Admin\Desktop\483211_505747729451302_299666559_n.jpg
[2012/07/12 19:36:12 | 005,988,947 | ---- | C] () -- C:\Users\Admin\Desktop\file611(pcfavour.blogspot.com).zip
[2012/07/10 16:52:10 | 000,000,448 | RHS- | C] () -- C:\Users\Admin\ntuser.pol
[2012/07/01 10:24:03 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-7238265-1896125294-3291190998-1000Core1cd574589cbd733.job
[2012/06/29 10:28:23 | 001,432,093 | ---- | C] () -- C:\Users\Admin\1trio.ai
[2012/06/26 22:13:50 | 001,164,410 | ---- | C] () -- C:\Users\Admin\trio.ai
[2012/06/26 22:04:41 | 000,780,963 | ---- | C] () -- C:\Users\Admin\soumil.jpg
[2012/06/26 21:36:36 | 000,959,386 | ---- | C] () -- C:\Users\Admin\overdrive trio logo.jpg
[2012/06/26 20:41:13 | 000,731,506 | ---- | C] () -- C:\Users\Admin\Untitled-1.jpg
[2012/06/26 20:40:07 | 000,722,863 | ---- | C] () -- C:\Users\Admin\trio.jpg
[2012/06/17 21:46:27 | 000,955,069 | ---- | C] () -- C:\Users\Admin\Come When I Call-John Mayer.m4r
[2012/06/17 17:47:56 | 002,124,550 | ---- | C] () -- C:\Users\Admin\IMG_0655.JPG
[2012/06/17 17:47:46 | 001,953,140 | ---- | C] () -- C:\Users\Admin\IMG_0651.JPG
[2012/06/11 23:41:24 | 000,091,746 | ---- | C] () -- C:\Users\Admin\IMG_0638.JPG
[2012/05/24 10:38:16 | 002,186,315 | ---- | C] () -- C:\Users\Admin\IMG_0559.JPG
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zyadeizbstq.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yruogei.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yft.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yeqc.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xitroqxj.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xhliavnncf.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xhepiahgu.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xdu.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xabxrnwognq.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wmaeoulj.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wgfzxqxc.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vwvpxtf.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vtccpjjxhbl.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vpymgh.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\uilhoi.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ugh.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\uaqqwmjt.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tubh.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tjerrruiu.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tgp.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\szanch.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\skjqlknoa.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rvitifkhda.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qpghwlpi.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qnretzig.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pvsbacopgo.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ptfcgaof.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pefaimbebk.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\okbzdweogsf.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ocduhsoaeky.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\netcd.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mxdvmytw.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mlfml.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\lxjydaq.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ldna.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\kgqeevfnt.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\kblu.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\kaddzumq.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\jxqxva.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ifvbafbi.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hxpuo.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hgdxppghmnp.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ggjxmqh.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\gbx.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fyvyvw.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fqat.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fnyj.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fkuuzbgv.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\err.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\dmtlsnues.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\cntaml.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\cfclssx.ini
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\cbgvboorrjj.dat
[2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\aclcvmx.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zzmbkjttcv.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zvxuplfqaiv.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zmulmsalvp.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zmpm.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zlvlgaoro.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zhbezzk.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zgtn.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zbu.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yztg.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ywcotf.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yqwnxmuqkr.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ynbpico.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yfguqg.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yfddtyco.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ybcwdcj.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xrjmwls.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xratz.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xnrwoffi.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xkiazoygsu.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\xibfo.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xhxj.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xhi.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xei.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xbwudob.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xbeumyws.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wztapis.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wvpmojcpagc.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wvmaql.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wuienx.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wtkvqxla.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wmcwjfwebcg.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wjjkwjxof.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wjd.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vwx.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vuzy.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vky.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vhgdwwy.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vexcv.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vekhfmquvd.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\uvhkeoo.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\uuknvmo.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\upqsk.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ujupkolaxz.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\uhgxcxne.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\udixx.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ubomomrwsdk.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tttpgilubhz.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tmksiwyo.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tixbprzs.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tgysztaa.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tcu.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\swrosmstc.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\swmx.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\svh.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\surl.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sthnpbr.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\srt.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sqrvkkbktxz.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sntlrnm.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\slfzi.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\skcx.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sjzadmi.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sfsz.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rzuc.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ruwy.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rumiqlhw.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rtsquze.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rpz.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\rnni.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rnaxcorvnpm.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rmkgnn.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\riffaw.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rifbww.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rhw.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rfbddh.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\refyhravcw.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rckntimj.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rbou.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qzegqoobxiy.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qxbus.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qttwzyei.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qsopsnklrnj.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qrpcq.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qqqt.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qqqewpfdl.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qheefqe.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\qgqkumwr.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qbdvroefxtf.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\pxluctu.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\puxozpwjj.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\psxulyb.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\psuezqksw.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pqognjycvt.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pqjjgvrcrr.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pplmagu.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pjtdqi.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\phcioojd.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pedcjlq.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pcpmvigyknw.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pclkwlz.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pathdekgnl.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\oxxpcqneqfk.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ousspnt.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\otvbczqzr.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\otorwgb.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\oofzxmm.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\oofsbkfk.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ooaomuyhvz.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\onuhfaqdr.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\olhdsirhbjm.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\olcfhmx.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\oicryjbsxhd.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ogn.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ogknbwh.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ntpp.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\npuailglpt.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ndpxrjvfik.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\narceunvfsr.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mwzhlh.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mwuwz.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mvhxlyyr.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mpuqpwyjjoe.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\minowwpnhw.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mhymnl.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mhefcltipun.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mflohpswrxl.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mcrrrdylbyb.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mbufohzbd.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mbpbf.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\maynwlp.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\lwcnbd.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\lvzw.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\lvjfqnrfy.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\lqya.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\lnm.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\lmkwvtfa.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\liif.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\lhlcj.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\lffhqjpt.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ktkvvqws.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\kragnbr.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\kppamcnflm.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\kokjkgnayl.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\knk.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\kkrk.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\kjvzwobzke.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\kfkegdfzsmf.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\jvpytddxshm.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\jvanbm.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\jscxtijpp.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\jecbuzopv.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\jazdltqdat.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ixrmyzmuf.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ivz.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\itshnv.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ithugwck.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\isnvgwxvzx.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\imisiwl.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ilppyukvb.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ikvd.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\iduxw.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ict.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ibqvywo.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hxokmtz.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hulemjbpzih.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\htzs.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\htubwk.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hrfumedgw.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hqwxnfwmq.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hoboh.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hmzimwaq.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hiushfclfla.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hhxjfatux.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hgu.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hfaptb.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hbqnkzjqm.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\gzswrdxw.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\gxveh.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\gxiglgpq.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\gwegf.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\gswxesatox.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\gksspjwk.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\gjrxn.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\giemuzl.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ghdvcccqxcv.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\gecrm.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\gcgii.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fzzu.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fnxe.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fmlgoxxnn.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fhagevihj.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\fas.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ezafudvoiyt.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\epuzw.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ehe.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\egskehx.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\eewo.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\eesejbzog.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\edsljcdivuy.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\ecisfvuhpa.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\dxrnzku.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\dqajfj.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\dmuuqmc.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\dkfd.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\djzobvavx.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\dgppwo.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\dgckkqqq.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\dfswulgomz.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\detwvkklv.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\defhdp.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ctxnogspj.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\cqbt.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\civwzqm.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\cdntf.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\cbqynozbpo.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\bzyz.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\byoqvakieh.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\bxqecmpfn.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\bulcyfilrrd.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\bsxkwl.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\bsmobir.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\blxcchdo.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\betjex.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\baxqskha.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\azuxhafgo.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ayyyufnvi.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\auemdu.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\aso.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\arembuqqlhl.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\apluecjxljh.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\akjgqsepny.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ajnzyssdz.dat
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ajfm.ini
[2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\aesvs.dat
[2012/03/30 14:22:58 | 000,001,085 | ---- | C] () -- C:\Users\Admin\Documents - Shortcut.lnk
[2012/03/29 10:01:07 | 000,004,096 | -H-- | C] () -- C:\Users\Admin\AppData\Local\keyfile3.drm
[2012/02/06 20:34:20 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/06 12:45:41 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{B3E17762-4E69-4C05-AA76-9790640E4F12}
[2012/01/06 12:35:41 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{D2E3E187-EB76-4456-99B9-C04BA2C3DF94}
[2012/01/06 10:42:13 | 000,301,128 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/12/21 10:58:30 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2011/11/12 11:37:13 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F23FA71E-0BA4-460B-A5AF-B4B43E48C203}
[2011/11/04 08:20:58 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{CAAD4A23-6B91-4FE6-B602-7A430885409B}
[2011/11/04 08:16:06 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/08/24 19:43:36 | 000,045,270 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\room_v3.dat
[2011/07/23 23:46:33 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{940A2858-D043-475B-A33F-52A8D2542709}
[2011/06/23 23:16:21 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{E696E2DB-5322-4DC5-A2C3-97623023FD79}
[2011/06/10 22:19:16 | 000,000,318 | ---- | C] () -- C:\Windows\WPE PRO - modified.INI
[2011/04/15 22:15:48 | 000,000,990 | -HS- | C] () -- C:\Users\Admin\AppData\Roaming\systemfl.$dk
[2011/03/22 15:49:33 | 000,046,742 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\room.dat
[2011/03/07 22:52:15 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/02/14 16:17:55 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2011/01/10 18:19:16 | 000,035,840 | ---- | C] () -- C:\Windows\System32\dokan.dll
[2011/01/06 18:08:36 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/12/14 10:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
[2010/12/14 10:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
[2010/12/14 10:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
[2010/12/14 10:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
[2010/12/14 10:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/12/14 10:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/12/13 22:56:04 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2010/12/13 22:56:04 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2010/12/13 09:22:58 | 000,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2010/12/12 13:39:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/12 12:02:37 | 000,008,828 | R--- | C] () -- C:\Windows\pppoe.dll
[2010/12/12 12:02:37 | 000,000,994 | ---- | C] () -- C:\Windows\pppoecfg.ini
[2010/12/12 11:59:57 | 000,102,119 | ---- | C] () -- C:\Windows\System32\drivers\PPPoEWin.SYS

========== LOP Check ==========

[2012/02/13 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bump Technologies, Inc
[2012/05/24 21:28:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CrystalIdea Software
[2012/07/28 08:47:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DMCache
[2011/02/09 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Free Download Manager
[2012/06/28 21:16:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GarenaPlus
[2012/02/13 19:38:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GetRightToGo
[2011/12/21 20:32:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Guitar Pro 6
[2011/12/11 19:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Hobbyist Software
[2012/07/12 21:05:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IDM
[2012/06/17 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2011/11/09 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LeadMind
[2012/01/18 21:10:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lunascape
[2011/01/29 20:31:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011/01/23 13:27:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2011/12/31 11:01:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\redsn0w
[2011/02/14 15:53:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Research In Motion
[2012/06/17 20:21:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Seagate
[2011/09/24 11:37:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2011/10/07 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SpinTop
[2012/01/30 08:08:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SystemRequirementsLab
[2012/01/06 20:25:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2012/07/25 23:05:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2012/07/27 06:59:59 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/16 12:42:06 | 000,000,234 | ---- | M] () -- C:\Windows\Tasks\SidebarExecute.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2F4A0A6B

< End of report >
 
OTL Extras logfile created on: 7/28/2012 8:47:39 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Admin\Documents\Downloads\Programs
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 65.92% Memory free
6.00 Gb Paging File | 4.89 Gb Available in Paging File | 81.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 48.95 Gb Free Space | 33.42% Space Free | Partition Type: NTFS
Drive D: | 69.35 Gb Total Space | 10.59 Gb Free Space | 15.27% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 13.55 Gb Free Space | 9.25% Space Free | Partition Type: NTFS
Drive F: | 172.79 Gb Total Space | 11.39 Gb Free Space | 6.59% Space Free | Partition Type: NTFS
Drive G: | 142.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-7238265-1896125294-3291190998-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hide This Folder] -- C:\Program Files\FreeFolderHider\FolderHider.exe %1..L
Directory [Open Folder Hider] -- C:\Program Files\FreeFolderHider\FolderHider.exe %1..O
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{142D633B-6D5E-43FC-ADCD-BF71C495F91C}_is1" = EKRO Fullclient v1.0
"{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{292F51DF-B284-448D-8157-742D34EFB6FF}_is1" = Gamma Control 2
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = CodecC
"{31D35EBD-F221-41F8-9287-479687398093}" = Pacenet Dialer
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5AC11070-A1CB-11E0-A0DC-0013D3D69929}" = Vegas Pro 10.0
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B0A92733-C870-415C-A494-DF72C2C58402}" = BlackBerry Device Software Updater
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB84FB0C-3A44-45A8-9E9D-06B9C4D079A0}" = iPhone Disk Drive
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"48AEB547-6B1C-4CFC-957B-E11C22C8A25F" = Mac OS X Cursors
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AI RoboForm" = AI RoboForm 7-1-1 (All Users)
"Akamai" = Akamai NetSession Interface Service
"Assassin's Creed: Brotherhood_is1" = Assassin's Creed: Brotherhood
"BlackBerry_{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"Cain & Abel v4.9.36" = Cain & Abel v4.9.36
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Colasoft MAC Scanner 1.1_is1" = Colasoft MAC Scanner 1.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CUE_CLUB" = CUE CLUB
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"DokanLibrary" = Dokan Library 0.6.0
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Folder Hider_is1" = Free Folder Hider 11.05
"Garena" = Garena 2010
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Guitar Pro 6 (6.0.7 b2 r8924)" = Guitar Pro 6 (6.0.7 b2 r8924)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"iColorFolder" = iColorFolder
"im" = Garena Messenger
"Internet Download Manager" = Internet Download Manager
"Kundli for Windows (Demo)_is1" = Kundli for Windows v4.5 (Demo)
"Lunascape6" = Lunascape6 (All Users)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MBlaze" = MBlaze
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.52.1100" = Opera 11.52
"PopMessenger_is1" = PopMessenger v1.62
"Reloaded Ragnarok Online" = Reloaded Ragnarok Online
"RocketDock_is1" = RocketDock 1.3.5
"StartupRun1" = Finderbar
"Steam App 570" = Dota 2
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 7" = TeamViewer 7
"Total Video Converter 3.50_is1" = Total Video Converter 3.50
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"Vintage-RO v1.0.2" = Vintage-RO v1.0.2
"VLC media player" = VLC media player 1.0.1
"VLC Streamer_is1" = VLC Streamer 1.50
"Warcraft III Reign of Chaos & The Frozen Throne" = Warcraft III Reign of Chaos & The Frozen Throne
"Warkeys" = Warkeys 1.18.1.0b
"WindowBlinds" = WindowBlinds
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-7238265-1896125294-3291190998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"CombatCookieRO" = CombatCookieRO
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2012 8:07:32 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/26/2012 8:14:31 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/26/2012 8:27:13 PM | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/26/2012 8:34:49 PM | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/26/2012 8:44:55 PM | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/26/2012 8:59:55 PM | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/26/2012 9:03:03 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/26/2012 9:07:55 PM | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/26/2012 9:23:34 PM | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/26/2012 9:31:23 PM | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ System Events ]
Error - 7/27/2012 10:52:01 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/27/2012 10:52:11 PM | Computer Name = Admin-PC | Source = PNRPSvc | ID = 102
Description =

Error - 7/27/2012 10:52:11 PM | Computer Name = Admin-PC | Source = PNRPSvc | ID = 102
Description =

Error - 7/27/2012 10:52:11 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 7/27/2012 10:52:11 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/27/2012 10:52:11 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 7/27/2012 10:52:11 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/27/2012 10:54:41 PM | Computer Name = Admin-PC | Source = DCOM | ID = 10001
Description =

Error - 7/27/2012 10:59:46 PM | Computer Name = Admin-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.765.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 7/27/2012 10:59:46 PM | Computer Name = Admin-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.765.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.



< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-7238265-1896125294-3291190998-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
    [2012/07/27 09:42:15 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zyadeizbstq.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yruogei.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yft.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yeqc.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xitroqxj.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xhliavnncf.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xhepiahgu.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xdu.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xabxrnwognq.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wmaeoulj.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wgfzxqxc.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vwvpxtf.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vtccpjjxhbl.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vpymgh.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\uilhoi.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ugh.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\uaqqwmjt.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tubh.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tjerrruiu.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tgp.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\szanch.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\skjqlknoa.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\rvitifkhda.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qpghwlpi.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\qnretzig.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pvsbacopgo.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ptfcgaof.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\pefaimbebk.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\okbzdweogsf.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ocduhsoaeky.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\netcd.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mxdvmytw.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\mlfml.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\lxjydaq.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ldna.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\kgqeevfnt.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\kblu.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\kaddzumq.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\jxqxva.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ifvbafbi.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hxpuo.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\hgdxppghmnp.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ggjxmqh.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\gbx.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fyvyvw.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fqat.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fnyj.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\fkuuzbgv.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\err.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\dmtlsnues.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\cntaml.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\cfclssx.ini
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\cbgvboorrjj.dat
    [2012/04/25 08:52:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\aclcvmx.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zzmbkjttcv.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zvxuplfqaiv.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zmulmsalvp.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zmpm.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zlvlgaoro.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zhbezzk.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zgtn.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\zbu.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yztg.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ywcotf.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yqwnxmuqkr.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ynbpico.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yfguqg.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\yfddtyco.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ybcwdcj.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xrjmwls.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xratz.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xnrwoffi.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xkiazoygsu.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\xibfo.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xhxj.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xhi.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xei.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xbwudob.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\xbeumyws.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wztapis.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wvpmojcpagc.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wvmaql.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wuienx.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wtkvqxla.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wmcwjfwebcg.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wjjkwjxof.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\wjd.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vwx.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vuzy.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vky.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vhgdwwy.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vexcv.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\vekhfmquvd.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\uvhkeoo.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\uuknvmo.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\upqsk.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ujupkolaxz.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\uhgxcxne.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\udixx.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ubomomrwsdk.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tttpgilubhz.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tmksiwyo.ini
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tixbprzs.dat
    [2012/04/25 08:52:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\tgysztaa.ini
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:55422315
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2F4A0A6B
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
OTL FIX LOGS

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-7238265-1896125294-3291190998-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{381FFDE8-2394-4f90-B10D-FC6124A40F8C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381FFDE8-2394-4f90-B10D-FC6124A40F8C}\ not found.
C:\FRST\Quarantine\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\U folder moved successfully.
C:\FRST\Quarantine\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\L folder moved successfully.
C:\FRST\Quarantine\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\{3ca6a52d-2ebe-7fc0-b227-048193b885b9} folder moved successfully.
C:\FRST\Quarantine\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\U folder moved successfully.
C:\FRST\Quarantine\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\L folder moved successfully.
C:\FRST\Quarantine\{3ca6a52d-2ebe-7fc0-b227-048193b885b9} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
ADS C:\ProgramData\TEMP:55422315 deleted successfully.
ADS C:\ProgramData\TEMP:2F4A0A6B deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 125297 bytes
->Temporary Internet Files folder emptied: 1133684 bytes
->Java cache emptied: 5004764 bytes
->FireFox cache emptied: 96588090 bytes
->Google Chrome cache emptied: 8748086 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3827591 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16802 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53402648 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 161.00 mb


[EMPTYJAVA]

User: Admin
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07282012_210842

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
security check logs

Results of screen317's Security Check version 0.99.43
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java(TM) 6 Update 22
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.2.202.235
Mozilla Firefox 13.0.1 Firefox out of Date!
Google Chrome 21.0.1180.15
Google Chrome 21.0.1180.57
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 
FSS logs:-

Farbar Service Scanner Version: 26-07-2012
Ran by Admin (administrator) on 28-07-2012 at 21:17:22
Running from "C:\Users\Admin\Desktop"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Google.com is offline
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-14 05:23] - [2009-07-14 06:45] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-14 05:24] - [2009-07-14 06:44] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 04:53] - [2009-07-14 06:46] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-14 04:54] - [2009-07-14 06:44] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-14 05:00] - [2009-07-14 06:46] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
ESET found some threats.

C:\Users\Admin\Desktop\Desktop\cnet_GTA3patch11_1_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Admin\Desktop\Desktop\Codec-C.exe Win32/InstallMate application cleaned by deleting - quarantined
C:\Users\Admin\Desktop\Desktop\KACHRA\SSEv5.01\SSEv5.01.dll a variant of Win32/Conficker.X worm cleaned by deleting - quarantined
C:\Users\Admin\Desktop\Desktop\KACHRA\wpe\WPE PRO - modified.exe a variant of Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined
C:\Users\Admin\Desktop\Desktop\KACHRA\wpe\WpeSpy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined
C:\Users\Admin\Desktop\Desktop\LAN-MODE v1.0\RENAME_ME\123.exe probably a variant of Win32/Inject.DUGOUWQ trojan cleaned by deleting - quarantined
C:\Users\Admin\Documents\Downloads\Programs\SoftonicDownloader_for_picpick.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\07282012_210842\C_FRST\Quarantine\services.exe Win32/Sirefef.FC trojan deleted - quarantined
C:\_OTL\MovedFiles\07282012_210842\C_FRST\Quarantine\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\07282012_210842\C_FRST\Quarantine\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\07282012_210842\C_FRST\Quarantine\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\{3ca6a52d-2ebe-7fc0-b227-048193b885b9}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
F:\GAMES\NewSteam\config\overlayhtmlcache\f_000075 HTML/Iframe.B.Gen virus deleted - quarantined
F:\SFOTWARES\Adobe Indesign Cs4\Activation\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan cleaned by deleting - quarantined
F:\SFOTWARES\softwares\Adobe Illustrator CS4\Key\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan cleaned by deleting - quarantined
F:\SFOTWARES\softwares\Alcohol 120 [FULL+Activator]\Alcohol120 retail 1.9.7.6221.exe Win32/Adware.Virtumonde application deleted - quarantined
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

==============================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

============================

We have one corrupted registry key affecting Windows updates.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.
 
And my Microsoft Security Essentials update fails... it says: "cannot download.. check internet. missing system files/misplaced system file or registry file"
 
FSS logs

Farbar Service Scanner Version: 26-07-2012
Ran by Admin (administrator) on 29-07-2012 at 00:31:26
Running from "C:\Users\Admin\Desktop"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-14 05:23] - [2009-07-14 06:45] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-14 05:24] - [2009-07-14 06:44] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 04:53] - [2009-07-14 06:46] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-14 04:54] - [2009-07-14 06:44] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-14 05:00] - [2009-07-14 06:46] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
And I have another problem..
I don't get the internet speed that my ISP offers me.
Like when I surf pages and load videos it is very slow, but on the other hand my ISP offers me 1mbps.
When I log in to safe mode I feel that the internet there is very fast, but in normal mode it is slow.
Sometimes I get a speed of 1.5mb/s from the ISP and normally I get 70 kb/ps, which is really slow and nothing compared to what I should be getting.
Can you please fix this issue as well?
 
That would be a matter of calling your ISP or posting in another forum.

In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck and stay safe :)
 