Solved Sirefef :(

1herocoy

Hi hope you guys can help me. Having problems with my laptop.

The story:
Several weeks ago I was infected by some nasty virus, did a system restore, and afterwards believed my computer was clean.
Several days ago, I noticed my Microsoft Security Essentials stopped working.
After a lengthy process, I managed to get MSE working again in safe mode and it picked up Sirefef variants W, B and Y.
As of now, my laptop will be forced to restart after several minutes.

Will post FRST log soon.

Please help and thanks in advance.
 
Scan result of Farbar Recovery Scan Tool Version: 24-06-2012
Ran by SYSTEM at 25-06-2012 06:38:44
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-02-04] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10355200 2011-01-24] (Intel Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-03-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-03-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418840 2011-03-25] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-14] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-25] (cyberlink)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-25] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-27] (LogMeIn Inc.)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKU\Kim\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Kim\...\Policies\system: [LogonHoursAction] 2
HKU\Kim\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\William\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\William\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-11-24] (Valve Corporation)
HKU\William\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-11] (BitTorrent, Inc.)
HKU\William\...\Policies\system: [LogonHoursAction] 2
HKU\William\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
==================== Services (Whitelisted) ======
2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1226096 2012-05-03] (Lavasoft Limited)
2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-01] ()
2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [901184 2011-01-24] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1298496 2011-01-24] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [991296 2011-01-24] (Intel Corporation)
2 CLKMSVC10_38F51D56; "C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe" /svc [241648 2011-01-25] (CyberLink)
2 FPLService; "C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe" [265544 2011-02-17] (HP)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-27] (LogMeIn Inc.)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1071160 2011-02-15] (Hewlett-Packard Development Company L.P.)
2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680 2010-11-09] (Hewlett-Packard Development Company, L.P.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-02-24] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2012-02-24] ()
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [3289032 2011-12-18] (GFI Software)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-22] (Intel Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [351232 2010-11-20] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
3 btmaux; C:\Windows\System32\Drivers\btmaux.sys [58128 2011-01-24] (Intel Corporation)
3 btmhsf; C:\Windows\System32\Drivers\btmhsf.sys [274944 2011-01-24] (Intel Corporation)
3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31088 2010-07-28] (CyberLink Corporation)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-17] (LogMeIn, Inc.)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-01-24] (Intel Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
2 sbapifs; C:\Windows\System32\Drivers\sbapifs.sys [74872 2011-11-28] (GFI Software)
1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [256632 2011-12-18] (GFI Software)
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [119416 2011-09-28] (GFI Software)
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [119416 2011-09-28] (GFI Software)
3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60536 2011-12-18] (GFI Software)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [57976 2011-10-25] (GFI Software)
3 sbwtis; C:\Windows\System32\Drivers\sbwtis.sys [84600 2011-12-18] (GFI Software)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [29592 2011-03-18] (Almico Software)
========================== NetSvcs (Whitelisted) ===========
 
============ One Month Created Files and Folders ==============
2012-06-25 06:38 - 2012-06-25 06:39 - 00000000 ____D C:\FRST
2012-06-24 10:31 - 2012-06-24 10:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6EB4B77A0ED95D7
2012-06-23 16:06 - 2012-06-23 16:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2776F44B9BDADE9A
2012-06-23 16:02 - 2012-06-23 16:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4454BE71F7420283
2012-06-23 15:54 - 2012-06-23 15:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F6BB0301D7C9193
2012-06-23 15:50 - 2012-06-23 15:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8BC5BFCA76D1A14E
2012-06-23 15:46 - 2012-06-23 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.288063D23FE735C6
2012-06-23 15:40 - 2012-06-23 15:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D33B7EDCFB801A37
2012-06-23 15:25 - 2012-06-23 15:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.32D927C0028193B1
2012-06-23 15:24 - 2012-06-23 16:02 - 00000254 ____A C:\Users\William\Documents\sirefefhelp.txt
2012-06-23 15:08 - 2012-06-23 15:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5E32C289B7F09BBD
2012-06-22 23:19 - 2012-06-22 23:19 - 00906237 ____A C:\Users\William\AppData\Local\census.cache
2012-06-22 23:19 - 2012-06-22 23:19 - 00120223 ____A C:\Users\William\AppData\Local\ars.cache
2012-06-22 22:59 - 2012-06-22 22:59 - 00000036 ____A C:\Users\William\AppData\Local\housecall.guid.cache
2012-06-22 22:55 - 2012-06-22 22:55 - 00000000 ____D C:\Users\William\AppData\Local\{C932B8BE-DDA0-4710-A262-5F157DB29A0D}
2012-06-22 22:49 - 2012-06-22 22:50 - 00000000 ____D C:\Users\William\AppData\Local\{6C6D0A96-59A8-47CB-B41F-1B73D4E6EC83}
2012-06-22 22:49 - 2012-06-22 22:49 - 00000000 ____D C:\Users\William\AppData\Local\{D5E77BD2-822C-4A40-ADBE-BF2353A99136}
2012-06-22 21:31 - 2012-06-22 21:31 - 00000043 ___RH C:\Users\William\Downloads\stinger.opt
2012-06-22 18:41 - 2012-06-22 21:31 - 00000000 ____D C:\Program Files (x86)\stinger
2012-06-22 18:12 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120623-121207.backup
2012-06-22 18:05 - 2012-06-22 23:28 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-22 18:05 - 2012-06-22 23:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-22 15:55 - 2012-06-22 15:56 - 16409960 ____A (Safer Networking Limited ) C:\Users\William\Downloads\spybotsd162.exe
2012-06-22 15:38 - 2012-06-22 15:39 - 09519208 ____A (McAfee Inc.) C:\Users\William\Downloads\stinger.exe
2012-06-22 15:35 - 2012-06-22 15:35 - 00532480 ____A (Trend Micro Incorporated) C:\Users\William\Downloads\cwshredder.exe
2012-06-22 15:21 - 2012-06-22 15:21 - 00002614 ____A C:\Users\William\Documents\msremoval.txt
2012-06-22 15:21 - 2012-06-22 15:21 - 00002614 ____A C:\Users\William\Documents\msremoval.bat
2012-06-22 15:13 - 2012-06-22 15:13 - 00000000 ____D C:\MATS
2012-06-22 14:59 - 2012-06-22 15:09 - 74761776 ____A C:\Users\William\Downloads\avast_free_antivirus_setup.exe
2012-06-22 10:49 - 2012-06-22 10:49 - 00286656 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-06-22 10:48 - 2012-06-22 10:49 - 00291328 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-06-22 10:48 - 2012-06-22 10:48 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-06-22 05:28 - 2012-06-22 05:28 - 00000000 ____D C:\Users\William\AppData\Local\{805C757F-AEF3-42BE-87BD-41538A400CF8}
2012-06-22 05:27 - 2012-06-22 05:28 - 00000000 ____D C:\Users\William\AppData\Local\{952BD9B8-A11F-4468-AE51-42388C619ED4}
2012-06-22 04:26 - 2012-06-22 04:26 - 00000043 ____A C:\Users\William\Documents\V.txt
2012-06-21 21:59 - 2012-06-23 15:57 - 00000948 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-06-21 20:51 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 20:51 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 20:51 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 20:51 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 20:51 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 20:51 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 20:51 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 20:51 - 2012-06-01 21:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 20:51 - 2012-06-01 21:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 13:18 - 2012-06-22 23:25 - 00000000 ____D C:\Users\William\AppData\Roaming\Kigax
2012-06-21 13:18 - 2012-06-21 13:18 - 00000000 ____D C:\Users\William\AppData\Roaming\Qateog
2012-06-21 13:18 - 2012-06-21 13:18 - 00000000 ____D C:\Users\William\AppData\Roaming\Obgoo
2012-06-21 12:31 - 2012-06-21 12:31 - 00000000 ____D C:\Users\William\AppData\Local\{D1D7BC12-77B2-4B10-A9E6-67AAADA4AD20}
2012-06-21 12:30 - 2012-06-21 12:31 - 00000000 ____D C:\Users\William\AppData\Local\{9CC541C1-EE2A-4321-BB58-6C0638B5BD33}
2012-06-21 12:25 - 2012-06-21 12:25 - 00000000 ____D C:\Windows\en
2012-06-21 12:21 - 2012-06-21 12:21 - 00000000 ____D C:\Users\William\AppData\Local\{B0253D13-0BD1-4E13-B143-27CE31CF1BB6}
2012-06-21 12:20 - 2012-06-21 12:21 - 00000000 ____D C:\Users\William\AppData\Local\{D7B717D8-617E-405C-8BDE-2A6C59319C06}
2012-06-21 12:19 - 2012-06-21 12:19 - 00000000 ____D C:\Users\William\AppData\Local\{C1DCB8D6-5883-48A2-BFF0-3819C4F879B9}
2012-06-21 12:18 - 2012-06-21 12:19 - 00000000 ____D C:\Users\William\AppData\Local\{BCACB1C9-67C8-4EF8-8BE5-BA87846689A2}
2012-06-21 12:04 - 2012-06-21 12:04 - 00000012 ____A C:\Users\William\Downloads\FSSC.dat
2012-06-21 12:03 - 2012-06-23 15:56 - 00001868 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-06-21 12:03 - 2011-12-18 18:44 - 00060536 ____A (GFI Software) C:\Windows\System32\Drivers\sbhips.sys
2012-06-21 12:02 - 2012-06-21 12:33 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-21 12:02 - 2012-06-21 12:02 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-06-21 12:02 - 2011-12-18 19:21 - 00045936 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2012-06-21 12:02 - 2011-12-18 18:44 - 00256632 ____A (GFI Software) C:\Windows\System32\Drivers\SbFw.sys
2012-06-21 12:02 - 2011-10-25 20:23 - 00057976 ____A (GFI Software) C:\Windows\System32\Drivers\sbredrv.sys
2012-06-21 12:02 - 2011-09-28 18:16 - 00119416 ____A (GFI Software) C:\Windows\System32\Drivers\SbFwIm.sys
2012-06-21 11:56 - 2012-06-21 11:56 - 00000000 ____D C:\Users\William\AppData\Local\{8F982421-8FAF-4B93-AF42-8151A42EE57A}
2012-06-21 11:55 - 2012-06-21 11:56 - 00000000 ____D C:\Users\William\AppData\Local\{551575B6-BF18-46EF-B354-8020D800D9FF}
2012-06-21 11:24 - 2012-06-22 23:25 - 00000000 ____D C:\Users\William\AppData\Roaming\Ad-Aware Antivirus
2012-06-21 11:23 - 2012-06-21 11:24 - 06236280 ____A (Lavasoft Limited) C:\Users\William\Downloads\Adaware_Installer.exe
2012-06-21 11:04 - 2012-06-21 11:04 - 02405568 ____A (Trend Micro Inc.) C:\Users\William\Downloads\HousecallLauncher64.exe
2012-06-20 10:03 - 2012-06-20 10:04 - 00002034 ____A C:\Users\William\Desktop\New Text Document (2).txt
2012-06-20 10:02 - 2012-06-20 10:02 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-19 18:15 - 2012-06-20 04:01 - 00000088 ____A C:\Users\William\Desktop\td.txt
2012-06-19 13:42 - 2012-06-20 05:15 - 00003751 ____A C:\Users\William\Desktop\plot.log
2012-06-19 13:38 - 2012-06-20 04:48 - 00000747 ____A C:\Users\William\Documents\plot.log
2012-06-19 02:26 - 2012-06-19 02:27 - 00000000 ____D C:\Users\William\AppData\Local\{7F50ABDC-2411-4AB7-BA54-F5D04FB05B9E}
2012-06-19 02:26 - 2012-06-19 02:26 - 00000000 ____D C:\Users\William\AppData\Local\{74FCDD2C-E4AC-4B0B-822D-17BA22B01A42}
2012-06-18 13:41 - 2012-06-21 02:44 - 00000555 ____A C:\Users\William\Desktop\New Text Document.txt
2012-06-18 04:35 - 2012-06-22 18:37 - 00000000 ____D C:\Users\William\Documents\New folder
2012-06-18 04:10 - 2012-06-18 04:10 - 00000000 ____D C:\Users\William\AppData\Local\{2274517E-0E35-48B4-8707-21B69B845CE1}
2012-06-17 10:13 - 2012-06-17 10:13 - 00000000 ____D C:\Users\William\AppData\Local\{9DD9B71C-118C-4A69-9DF2-9FA85C75B009}
2012-06-17 09:55 - 2012-06-17 09:55 - 00000000 ____D C:\Users\William\Desktop\DND
2012-06-17 09:54 - 2012-06-17 09:55 - 00000000 ____D C:\Users\William\Desktop\Tanks
2012-06-17 05:04 - 2012-06-17 05:04 - 00871136 ____A C:\Users\William\Documents\New WinRAR archive.rar
2012-06-16 10:13 - 2012-06-16 10:13 - 00000000 ____D C:\Users\William\AppData\Local\{2CBF532B-3807-49CF-80D5-23545503B962}
2012-06-15 12:30 - 2012-06-15 12:30 - 00000000 ____D C:\Users\William\Documents\Stronghold Kingdoms
2012-06-15 12:30 - 2012-06-15 12:30 - 00000000 ____D C:\Users\William\AppData\Roaming\Firefly Studios
2012-06-15 12:30 - 2012-06-15 12:30 - 00000000 ____D C:\Users\William\AppData\Local\Geckofx
2012-06-15 08:41 - 2012-04-16 08:41 - 00000032 ___RA C:\Users\All Users\hash.dat
2012-06-14 22:13 - 2012-06-14 22:13 - 00000000 ____D C:\Users\William\AppData\Local\{1EB9419E-0527-42C4-A6FC-F2297B053437}
2012-06-14 09:00 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 09:00 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 09:00 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 09:00 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 09:00 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 09:00 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 09:00 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 09:00 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 09:00 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 09:00 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 09:00 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 09:00 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 09:00 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 09:00 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 09:00 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 09:00 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 09:00 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 09:00 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 09:00 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 09:00 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 09:00 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 09:00 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 09:00 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 09:00 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 09:00 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 09:00 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 09:00 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 09:00 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 07:39 - 2012-06-14 07:38 - 00710148 ____A C:\Users\William\Desktop\roadmap.png
2012-06-14 04:42 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 04:42 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 04:42 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 04:01 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 04:01 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 04:01 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 03:59 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 03:59 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 03:59 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 03:58 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 03:58 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 03:58 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 03:58 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 03:58 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 03:58 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-14 03:58 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 03:58 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-12 22:08 - 2012-06-12 22:08 - 00000000 ____D C:\Users\William\Desktop\Concrete
2012-06-12 21:43 - 2012-02-09 04:41 - 00002631 ____A C:\Users\William\Desktop\AutoCAD 2012 - English.lnk
2012-06-12 21:15 - 2012-06-17 09:56 - 00000166 ____A C:\Users\William\Desktop\acad key.txt
2012-06-11 06:34 - 2012-06-11 06:34 - 00002556 ____A C:\Users\William\Desktop\Pasted_Data_0e55.txt
2012-06-11 01:02 - 2012-06-11 01:02 - 00000117 ____A C:\Users\William\Desktop\CLA.txt
2012-06-06 11:42 - 2012-06-06 11:43 - 00000021 ____A C:\Users\William\Downloads\startuprepair.txt
2012-06-06 11:41 - 2012-06-06 11:41 - 00000000 ____D C:\Users\William\AppData\Local\{820E333E-36B9-4D76-A20C-3EF7A3D9791B}
2012-06-06 11:40 - 2012-06-06 11:41 - 00000000 ____D C:\Users\William\AppData\Local\{D3BB7602-4B2A-47C9-A381-C10A04440772}
2012-06-06 11:22 - 2012-06-06 11:22 - 00000000 ____D C:\Users\William\AppData\Roaming\Malwarebytes
2012-06-06 11:21 - 2012-06-07 05:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-06 11:21 - 2012-06-06 11:21 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-06 11:16 - 2012-06-07 05:38 - 00000000 ___SD C:\32788R22FWJFW
2012-06-06 11:05 - 2012-06-06 11:06 - 02108959 ____A C:\Users\William\Downloads\123myapp.zip
2012-06-06 10:45 - 2012-06-06 10:45 - 00000000 ____D C:\Users\William\AppData\Roaming\Tific
2012-06-06 10:45 - 2012-06-06 10:45 - 00000000 ____D C:\Users\William\AppData\Local\Symantec
2012-06-06 10:40 - 2012-06-06 10:40 - 00000000 ____D C:\Users\All Users\99058D9B000E0013006FA362B4EB2367
2012-06-05 01:53 - 2012-06-05 02:48 - 00000000 ____D C:\Users\William\Desktop\Bens Stuff
2012-06-02 10:41 - 2012-06-02 10:41 - 00000000 ____D C:\Users\William\AppData\Local\{673C7A50-19D2-4196-A07D-15E0AF9BC81D}
2012-06-02 10:41 - 2012-06-02 10:41 - 00000000 ____D C:\Users\William\AppData\Local\{08EAFA37-CCF0-43B7-B4F8-A2B20ACB8586}
2012-06-02 00:25 - 2012-06-02 00:25 - 00000000 ____D C:\Users\William\AppData\Local\{FA97731D-27DC-4F3A-A52E-9982B7DF1828}
2012-06-02 00:25 - 2012-06-02 00:25 - 00000000 ____D C:\Users\William\AppData\Local\{CD419D8D-0CF0-4E31-98FE-AD07EF695D31}
2012-05-31 21:34 - 2012-05-31 21:27 - 00011462 ____A C:\Users\William\Desktop\agent.db
2012-05-28 23:44 - 2012-06-03 03:00 - 00000000 ____D C:\Users\William\Desktop\BAND OF BROTHERS-NUBTOASTER
2012-05-28 22:21 - 2010-01-19 22:42 - 00000000 ___AD C:\Users\William\Desktop\Company of Heroes _ All Heroes Rise
2012-05-28 18:05 - 2012-05-28 18:17 - 89237842 ____A C:\Users\William\Downloads\Company of Heroes _ All Heroes Rise.rar
 
============ 3 Months Modified Files and Folders =============
2012-06-25 06:39 - 2012-06-25 06:38 - 00000000 ____D C:\FRST
2012-06-24 10:31 - 2012-06-24 10:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6EB4B77A0ED95D7
2012-06-24 10:25 - 2009-07-13 21:13 - 00782270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-23 16:06 - 2012-06-23 16:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2776F44B9BDADE9A
2012-06-23 16:02 - 2012-06-23 16:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4454BE71F7420283
2012-06-23 16:02 - 2012-06-23 15:24 - 00000254 ____A C:\Users\William\Documents\sirefefhelp.txt
2012-06-23 16:02 - 2012-06-21 13:18 - 00000000 ____D C:\Users\William\AppData\Roaming\Qateog
2012-06-23 15:57 - 2012-06-21 21:59 - 00000948 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-06-23 15:56 - 2012-06-21 12:03 - 00001868 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-06-23 15:54 - 2012-06-23 15:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F6BB0301D7C9193
2012-06-23 15:50 - 2012-06-23 15:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8BC5BFCA76D1A14E
2012-06-23 15:46 - 2012-06-23 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.288063D23FE735C6
2012-06-23 15:40 - 2012-06-23 15:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D33B7EDCFB801A37
2012-06-23 15:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-23 15:28 - 2009-07-13 20:51 - 00057893 ____A C:\Windows\setupact.log
2012-06-23 15:25 - 2012-06-23 15:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.32D927C0028193B1
2012-06-23 15:17 - 2011-07-27 19:51 - 01105945 ____A C:\Windows\WindowsUpdate.log
2012-06-23 15:14 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-23 15:14 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-23 15:08 - 2012-06-23 15:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5E32C289B7F09BBD
2012-06-22 23:28 - 2012-06-22 18:05 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-22 23:28 - 2012-06-22 18:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-22 23:27 - 2012-05-24 18:16 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-22 23:25 - 2012-06-21 13:18 - 00000000 ____D C:\Users\William\AppData\Roaming\Kigax
2012-06-22 23:25 - 2012-06-21 11:24 - 00000000 ____D C:\Users\William\AppData\Roaming\Ad-Aware Antivirus
2012-06-22 23:25 - 2012-05-01 09:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-22 23:25 - 2012-03-15 12:31 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-22 23:25 - 2012-03-15 12:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-22 23:19 - 2012-06-22 23:19 - 00906237 ____A C:\Users\William\AppData\Local\census.cache
2012-06-22 23:19 - 2012-06-22 23:19 - 00120223 ____A C:\Users\William\AppData\Local\ars.cache
2012-06-22 22:59 - 2012-06-22 22:59 - 00000036 ____A C:\Users\William\AppData\Local\housecall.guid.cache
2012-06-22 22:57 - 2012-04-21 11:07 - 00000000 ____D C:\Users\William\AppData\Roaming\uTorrent
2012-06-22 22:56 - 2011-11-24 02:55 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-22 22:55 - 2012-06-22 22:55 - 00000000 ____D C:\Users\William\AppData\Local\{C932B8BE-DDA0-4710-A262-5F157DB29A0D}
2012-06-22 22:55 - 2012-04-10 01:38 - 00000000 ____D C:\Users\William\AppData\Local\LogMeIn Hamachi
2012-06-22 22:54 - 2012-05-24 18:16 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-22 22:50 - 2012-06-22 22:49 - 00000000 ____D C:\Users\William\AppData\Local\{6C6D0A96-59A8-47CB-B41F-1B73D4E6EC83}
2012-06-22 22:49 - 2012-06-22 22:49 - 00000000 ____D C:\Users\William\AppData\Local\{D5E77BD2-822C-4A40-ADBE-BF2353A99136}
2012-06-22 22:49 - 2011-11-04 03:36 - 00000000 ____D C:\Users\William\AppData\Local\Windows Live
2012-06-22 21:31 - 2012-06-22 21:31 - 00000043 ___RH C:\Users\William\Downloads\stinger.opt
2012-06-22 21:31 - 2012-06-22 18:41 - 00000000 ____D C:\Program Files (x86)\stinger
2012-06-22 18:37 - 2012-06-18 04:35 - 00000000 ____D C:\Users\William\Documents\New folder
2012-06-22 18:12 - 2009-07-13 18:34 - 00442922 ___RA C:\Windows\System32\Drivers\etc\hosts.bak
2012-06-22 15:56 - 2012-06-22 15:55 - 16409960 ____A (Safer Networking Limited ) C:\Users\William\Downloads\spybotsd162.exe
2012-06-22 15:39 - 2012-06-22 15:38 - 09519208 ____A (McAfee Inc.) C:\Users\William\Downloads\stinger.exe
2012-06-22 15:35 - 2012-06-22 15:35 - 00532480 ____A (Trend Micro Incorporated) C:\Users\William\Downloads\cwshredder.exe
2012-06-22 15:21 - 2012-06-22 15:21 - 00002614 ____A C:\Users\William\Documents\msremoval.txt
2012-06-22 15:21 - 2012-06-22 15:21 - 00002614 ____A C:\Users\William\Documents\msremoval.bat
2012-06-22 15:13 - 2012-06-22 15:13 - 00000000 ____D C:\MATS
2012-06-22 15:09 - 2012-06-22 14:59 - 74761776 ____A C:\Users\William\Downloads\avast_free_antivirus_setup.exe
2012-06-22 10:49 - 2012-06-22 10:49 - 00286656 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-06-22 10:49 - 2012-06-22 10:48 - 00291328 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-06-22 10:48 - 2012-06-22 10:48 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-06-22 05:28 - 2012-06-22 05:28 - 00000000 ____D C:\Users\William\AppData\Local\{805C757F-AEF3-42BE-87BD-41538A400CF8}
2012-06-22 05:28 - 2012-06-22 05:27 - 00000000 ____D C:\Users\William\AppData\Local\{952BD9B8-A11F-4468-AE51-42388C619ED4}
2012-06-22 04:26 - 2012-06-22 04:26 - 00000043 ____A C:\Users\William\Documents\V.txt
2012-06-21 21:57 - 2012-01-10 23:34 - 00000000 __SHD C:\Users\William\AppData\Local\{9908c7e5-0a20-c330-0c1c-5cd5a070f4f3}
2012-06-21 13:18 - 2012-06-21 13:18 - 00000000 ____D C:\Users\William\AppData\Roaming\Obgoo
2012-06-21 12:33 - 2012-06-21 12:02 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-21 12:31 - 2012-06-21 12:31 - 00000000 ____D C:\Users\William\AppData\Local\{D1D7BC12-77B2-4B10-A9E6-67AAADA4AD20}
2012-06-21 12:31 - 2012-06-21 12:30 - 00000000 ____D C:\Users\William\AppData\Local\{9CC541C1-EE2A-4321-BB58-6C0638B5BD33}
2012-06-21 12:25 - 2012-06-21 12:25 - 00000000 ____D C:\Windows\en
2012-06-21 12:24 - 2011-04-11 13:53 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-06-21 12:23 - 2011-04-11 13:53 - 00000000 ____D C:\Program Files\Windows Live
2012-06-21 12:22 - 2011-04-11 13:52 - 00324261 ____A C:\Windows\DirectX.log
2012-06-21 12:21 - 2012-06-21 12:21 - 00000000 ____D C:\Users\William\AppData\Local\{B0253D13-0BD1-4E13-B143-27CE31CF1BB6}
2012-06-21 12:21 - 2012-06-21 12:20 - 00000000 ____D C:\Users\William\AppData\Local\{D7B717D8-617E-405C-8BDE-2A6C59319C06}
2012-06-21 12:19 - 2012-06-21 12:19 - 00000000 ____D C:\Users\William\AppData\Local\{C1DCB8D6-5883-48A2-BFF0-3819C4F879B9}
2012-06-21 12:19 - 2012-06-21 12:18 - 00000000 ____D C:\Users\William\AppData\Local\{BCACB1C9-67C8-4EF8-8BE5-BA87846689A2}
2012-06-21 12:04 - 2012-06-21 12:04 - 00000012 ____A C:\Users\William\Downloads\FSSC.dat
2012-06-21 12:02 - 2012-06-21 12:02 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-06-21 11:56 - 2012-06-21 11:56 - 00000000 ____D C:\Users\William\AppData\Local\{8F982421-8FAF-4B93-AF42-8151A42EE57A}
2012-06-21 11:56 - 2012-06-21 11:55 - 00000000 ____D C:\Users\William\AppData\Local\{551575B6-BF18-46EF-B354-8020D800D9FF}
2012-06-21 11:31 - 2010-11-20 19:47 - 00231478 ____A C:\Windows\PFRO.log
2012-06-21 11:30 - 2011-07-27 20:02 - 00000000 ____D C:\Users\All Users\Norton
2012-06-21 11:24 - 2012-06-21 11:23 - 06236280 ____A (Lavasoft Limited) C:\Users\William\Downloads\Adaware_Installer.exe
2012-06-21 11:04 - 2012-06-21 11:04 - 02405568 ____A (Trend Micro Inc.) C:\Users\William\Downloads\HousecallLauncher64.exe
2012-06-21 02:44 - 2012-06-18 13:41 - 00000555 ____A C:\Users\William\Desktop\New Text Document.txt
2012-06-20 10:04 - 2012-06-20 10:03 - 00002034 ____A C:\Users\William\Desktop\New Text Document (2).txt
2012-06-20 10:02 - 2012-06-20 10:02 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-20 05:15 - 2012-06-19 13:42 - 00003751 ____A C:\Users\William\Desktop\plot.log
2012-06-20 04:48 - 2012-06-19 13:38 - 00000747 ____A C:\Users\William\Documents\plot.log
2012-06-20 04:01 - 2012-06-19 18:15 - 00000088 ____A C:\Users\William\Desktop\td.txt
2012-06-20 01:43 - 2012-02-17 05:09 - 01069391 ____A C:\acadminidump.dmp
2012-06-19 02:27 - 2012-06-19 02:26 - 00000000 ____D C:\Users\William\AppData\Local\{7F50ABDC-2411-4AB7-BA54-F5D04FB05B9E}
2012-06-19 02:26 - 2012-06-19 02:26 - 00000000 ____D C:\Users\William\AppData\Local\{74FCDD2C-E4AC-4B0B-822D-17BA22B01A42}
2012-06-18 08:19 - 2011-11-04 05:32 - 00000000 ____D C:\Users\William\AppData\Local\CrashDumps
2012-06-18 04:10 - 2012-06-18 04:10 - 00000000 ____D C:\Users\William\AppData\Local\{2274517E-0E35-48B4-8707-21B69B845CE1}
2012-06-17 10:13 - 2012-06-17 10:13 - 00000000 ____D C:\Users\William\AppData\Local\{9DD9B71C-118C-4A69-9DF2-9FA85C75B009}
2012-06-17 09:58 - 2011-11-19 11:53 - 00000000 ____D C:\Users\William\Downloads\New folder
2012-06-17 09:56 - 2012-06-12 21:15 - 00000166 ____A C:\Users\William\Desktop\acad key.txt
2012-06-17 09:55 - 2012-06-17 09:55 - 00000000 ____D C:\Users\William\Desktop\DND
2012-06-17 09:55 - 2012-06-17 09:54 - 00000000 ____D C:\Users\William\Desktop\Tanks
2012-06-17 05:04 - 2012-06-17 05:04 - 00871136 ____A C:\Users\William\Documents\New WinRAR archive.rar
2012-06-16 10:13 - 2012-06-16 10:13 - 00000000 ____D C:\Users\William\AppData\Local\{2CBF532B-3807-49CF-80D5-23545503B962}
2012-06-15 12:30 - 2012-06-15 12:30 - 00000000 ____D C:\Users\William\Documents\Stronghold Kingdoms
2012-06-15 12:30 - 2012-06-15 12:30 - 00000000 ____D C:\Users\William\AppData\Roaming\Firefly Studios
2012-06-15 12:30 - 2012-06-15 12:30 - 00000000 ____D C:\Users\William\AppData\Local\Geckofx
2012-06-14 22:16 - 2012-04-19 04:44 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-14 22:16 - 2011-11-23 04:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-14 22:13 - 2012-06-14 22:13 - 00000000 ____D C:\Users\William\AppData\Local\{1EB9419E-0527-42C4-A6FC-F2297B053437}
2012-06-14 15:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-14 11:18 - 2009-07-13 20:45 - 00492336 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 09:10 - 2012-02-26 01:01 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-14 09:06 - 2012-04-23 18:03 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-14 07:38 - 2012-06-14 07:39 - 00710148 ____A C:\Users\William\Desktop\roadmap.png
2012-06-13 08:00 - 2011-12-13 00:18 - 00000000 ____D C:\Users\William\Documents\Youcam
2012-06-12 22:08 - 2012-06-12 22:08 - 00000000 ____D C:\Users\William\Desktop\Concrete
2012-06-11 06:34 - 2012-06-11 06:34 - 00002556 ____A C:\Users\William\Desktop\Pasted_Data_0e55.txt
2012-06-11 06:32 - 2011-11-14 00:19 - 00000000 ____D C:\Users\William\Documents\My Received Files
2012-06-11 01:02 - 2012-06-11 01:02 - 00000117 ____A C:\Users\William\Desktop\CLA.txt
2012-06-07 05:38 - 2012-06-06 11:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-07 05:38 - 2012-06-06 11:16 - 00000000 ___SD C:\32788R22FWJFW
2012-06-07 05:38 - 2011-11-05 01:03 - 00000000 ____D C:\users\Kim
2012-06-07 05:38 - 2011-11-04 05:58 - 00000000 ____D C:\Users\William\AppData\Roaming\vlc
2012-06-07 05:38 - 2011-07-27 20:40 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-07 05:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-06 11:43 - 2012-06-06 11:42 - 00000021 ____A C:\Users\William\Downloads\startuprepair.txt
2012-06-06 11:41 - 2012-06-06 11:41 - 00000000 ____D C:\Users\William\AppData\Local\{820E333E-36B9-4D76-A20C-3EF7A3D9791B}
2012-06-06 11:41 - 2012-06-06 11:40 - 00000000 ____D C:\Users\William\AppData\Local\{D3BB7602-4B2A-47C9-A381-C10A04440772}
2012-06-06 11:39 - 2011-11-03 15:07 - 00000000 ____D C:\users\William
2012-06-06 11:22 - 2012-06-06 11:22 - 00000000 ____D C:\Users\William\AppData\Roaming\Malwarebytes
2012-06-06 11:21 - 2012-06-06 11:21 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-06 11:06 - 2012-06-06 11:05 - 02108959 ____A C:\Users\William\Downloads\123myapp.zip
2012-06-06 10:45 - 2012-06-06 10:45 - 00000000 ____D C:\Users\William\AppData\Roaming\Tific
2012-06-06 10:45 - 2012-06-06 10:45 - 00000000 ____D C:\Users\William\AppData\Local\Symantec
2012-06-06 10:40 - 2012-06-06 10:40 - 00000000 ____D C:\Users\All Users\99058D9B000E0013006FA362B4EB2367
2012-06-05 02:48 - 2012-06-05 01:53 - 00000000 ____D C:\Users\William\Desktop\Bens Stuff
2012-06-03 03:00 - 2012-05-28 23:44 - 00000000 ____D C:\Users\William\Desktop\BAND OF BROTHERS-NUBTOASTER
2012-06-02 14:19 - 2012-06-21 20:51 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 20:51 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 20:51 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 20:51 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 20:51 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 20:51 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 20:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 10:41 - 2012-06-02 10:41 - 00000000 ____D C:\Users\William\AppData\Local\{673C7A50-19D2-4196-A07D-15E0AF9BC81D}
2012-06-02 10:41 - 2012-06-02 10:41 - 00000000 ____D C:\Users\William\AppData\Local\{08EAFA37-CCF0-43B7-B4F8-A2B20ACB8586}
2012-06-02 00:25 - 2012-06-02 00:25 - 00000000 ____D C:\Users\William\AppData\Local\{FA97731D-27DC-4F3A-A52E-9982B7DF1828}
2012-06-02 00:25 - 2012-06-02 00:25 - 00000000 ____D C:\Users\William\AppData\Local\{CD419D8D-0CF0-4E31-98FE-AD07EF695D31}
2012-06-01 21:19 - 2012-06-21 20:51 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 21:15 - 2012-06-21 20:51 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 04:50 - 2012-04-20 13:15 - 00000000 ____D C:\Users\William\Documents\Diablo III
2012-05-31 21:27 - 2012-05-31 21:34 - 00011462 ____A C:\Users\William\Desktop\agent.db
2012-05-31 21:25 - 2012-05-14 23:45 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-05-28 18:17 - 2012-05-28 18:05 - 89237842 ____A C:\Users\William\Downloads\Company of Heroes _ All Heroes Rise.rar
2012-05-24 18:17 - 2012-05-24 18:16 - 00000000 ____D C:\Program Files (x86)\Google
2012-05-24 18:16 - 2012-04-21 11:10 - 00000000 ____D C:\Users\William\AppData\Local\Google
2012-05-24 11:32 - 2012-05-24 11:31 - 00000000 ____D C:\Users\William\AppData\Local\{F7F59D42-2B5D-4278-A611-0B07D4EEE1FF}
2012-05-24 11:31 - 2012-05-24 11:31 - 00000000 ____D C:\Users\William\AppData\Local\{5818E925-7FC3-4464-8FE3-8E4B58F562EF}
2012-05-24 09:26 - 2012-05-24 09:26 - 00000000 ____D C:\Users\William\AppData\Local\{4AF8B1A8-C8C7-48E7-8EB9-AC70E45F5C2A}
2012-05-24 09:26 - 2012-05-24 09:25 - 00000000 ____D C:\Users\William\AppData\Local\{3A1428E6-8880-4F93-87E2-50261445161E}
2012-05-23 05:51 - 2012-05-23 05:51 - 00000000 ____D C:\Users\William\AppData\Local\{A099CF41-E0AC-4E0B-8C9F-3AB6EE9C3747}
2012-05-23 05:51 - 2012-05-23 05:51 - 00000000 ____D C:\Users\William\AppData\Local\{6F33D219-C685-4440-9C81-A6031AE26439}
2012-05-19 02:54 - 2012-05-19 02:53 - 00000000 ____D C:\Users\William\Downloads\High_School_DxD
2012-05-17 18:47 - 2012-06-14 09:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-14 09:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 09:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 09:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 09:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 09:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 09:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 09:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 09:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 09:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 09:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 09:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 09:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 09:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-14 09:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 09:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 09:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 09:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 09:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 09:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 09:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 09:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 09:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 09:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 09:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 09:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 09:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 09:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 00:57 - 2012-05-15 00:57 - 00000000 ____D C:\Users\William\AppData\Local\{7B5F6731-BDA5-4331-9DF4-9E83FAB7AFCA}
2012-05-15 00:56 - 2012-05-15 00:56 - 00000000 ____D C:\Users\William\AppData\Local\{3BAC3488-11DD-47A9-AF5A-FEAFC67736CC}
2012-05-15 00:18 - 2012-05-14 23:45 - 00001193 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-14 23:37 - 2012-05-14 23:37 - 00000000 ____D C:\Users\William\AppData\Local\{5AB733D8-F346-40AC-BF25-E1A4B256DCD0}
2012-05-14 23:37 - 2012-05-14 23:37 - 00000000 ____D C:\Users\William\AppData\Local\{50C8D57A-A5CB-461C-952C-CF14C570288C}
2012-05-14 17:32 - 2012-06-14 03:59 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 15:47 - 2012-04-21 11:09 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-14 15:47 - 2011-04-11 13:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 15:32 - 2012-05-14 15:31 - 00000000 ____D C:\Users\William\AppData\Local\{1D27C00B-C5CF-4B60-B91A-C8C62304FAC8}
2012-05-14 15:31 - 2012-05-14 15:31 - 00000000 ____D C:\Users\William\AppData\Local\{3DDBB007-6FE0-4F36-8DF3-C80665F11599}
2012-05-13 01:43 - 2012-05-13 01:43 - 00000000 ___HD C:\Users\All Users\CanonBJ
2012-05-13 01:33 - 2012-05-13 01:33 - 00000000 ____D C:\Program Files\Common Files\Canon
2012-05-05 20:04 - 2012-05-05 20:04 - 00000000 ____D C:\Users\William\AppData\Local\{D4E31868-3559-4FDF-B79E-45D0DADB79C9}
2012-05-05 20:04 - 2012-05-05 20:04 - 00000000 ____D C:\Users\William\AppData\Local\{A650CCCD-87BB-4D9C-A442-76934178F24F}
2012-05-05 08:24 - 2012-05-05 08:24 - 00000000 ____D C:\Users\William\AppData\Local\{CCF23EE5-8701-4F1F-ADE5-F9CE105832DF}
2012-05-05 08:24 - 2012-05-05 08:24 - 00000000 ____D C:\Users\William\AppData\Local\{899FBCF1-A928-45E0-8C26-081850B2BFCF}
2012-05-04 09:59 - 2012-05-04 09:59 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-14 04:42 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 04:42 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 04:42 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 21:29 - 2012-05-03 21:28 - 00000000 ____D C:\Users\William\AppData\Local\{3139E817-BAE9-4293-A287-3F2F6724FB0F}
2012-05-03 21:28 - 2012-05-03 21:28 - 00000000 ____D C:\Users\William\AppData\Local\{74424FD1-5702-4A4F-A71C-63EAC5F94186}
2012-05-01 09:03 - 2012-02-09 04:38 - 00788116 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-30 21:40 - 2012-06-14 03:59 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 14:35 - 2012-04-28 14:35 - 00000769 ____A C:\Users\Public\Desktop\World of Tanks.lnk
2012-04-28 13:26 - 2012-04-27 15:22 - 2827185200 ____A C:\Users\William\Desktop\WoT_0.7.2_us_setup.exe
2012-04-27 19:55 - 2012-06-14 03:59 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 19:48 - 2012-04-27 19:48 - 00000000 ____D C:\Users\William\AppData\Local\{DC9F844C-8F4C-4F58-85D2-425D435FF882}
2012-04-27 19:48 - 2012-04-27 19:47 - 00000000 ____D C:\Users\William\AppData\Local\{AA02F7C7-1B36-4C6F-A92B-623FDEEC8CC8}
2012-04-27 15:20 - 2012-04-27 15:20 - 00027309 ____A C:\Users\William\Desktop\WoT_0.7.2_us_setup.exe.torrent
2012-04-27 12:42 - 2012-04-27 12:41 - 00000000 ____D C:\Users\William\AppData\Local\{8AC9C241-2253-42F6-8A3A-3695EBEF431C}
2012-04-27 12:41 - 2012-04-27 12:41 - 00000000 ____D C:\Users\William\AppData\Local\{17C9A355-731B-4146-964A-4EB5484926AB}
2012-04-27 12:33 - 2012-04-27 12:30 - 05718872 ____A (Microsoft Corporation) C:\Users\William\Documents\vcredist_x64.exe
2012-04-27 12:23 - 2012-04-27 12:22 - 00889416 ____A (Microsoft Corporation) C:\Users\William\Documents\dotNetFx40_Full_setup.exe
2012-04-26 17:17 - 2012-04-25 22:22 - 00000000 ____D C:\Users\William\AppData\Roaming\wargaming.net
2012-04-25 22:26 - 2011-12-31 08:35 - 00000000 ____D C:\Users\William\Desktop\Stuff
2012-04-25 22:24 - 2012-04-25 22:22 - 00000000 ____D C:\Users\William\Desktop\Papercraft
2012-04-25 21:41 - 2012-06-14 04:01 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 04:01 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:37 - 2012-04-25 21:37 - 00000000 ____D C:\Games
2012-04-25 21:34 - 2012-06-14 04:01 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 19:42 - 2012-04-25 19:42 - 00000000 ____D C:\Users\William\AppData\Local\{E9AB121E-9AD2-4F7C-A877-10AD53577731}
2012-04-25 19:42 - 2012-04-25 19:42 - 00000000 ____D C:\Users\William\AppData\Local\{374A96E6-109A-4629-97F5-25D06CE53639}
2012-04-24 17:10 - 2012-04-24 17:10 - 00012188 ____A C:\Users\William\Documents\hs_err_pid11412.log
2012-04-23 21:37 - 2012-06-14 03:58 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-14 03:58 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-14 03:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-14 03:58 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-14 03:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 03:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 18:15 - 2012-04-23 18:15 - 00000000 ____D C:\Users\William\AppData\Local\{9CAD54F5-EF08-454F-9EFA-2529B682A457}
2012-04-23 18:15 - 2012-04-23 18:15 - 00000000 ____D C:\Users\William\AppData\Local\{814648D4-404E-4EE5-B928-A1A8899D8FC9}
2012-04-23 17:52 - 2012-04-23 17:52 - 00000000 ____D C:\Users\William\AppData\Local\{FE71CC4A-4DE3-447C-A2F5-1FC448A3F342}
2012-04-23 17:52 - 2012-04-23 17:52 - 00000000 ____D C:\Users\William\AppData\Local\{072DECA5-85AF-4094-AFD7-4BBA7B65C8F5}
2012-04-23 06:26 - 2012-04-23 06:26 - 00000000 ____D C:\Users\William\AppData\Local\{DA3AAFBE-0704-4AE0-87CD-B6399D4FAB11}
2012-04-23 06:26 - 2012-04-23 06:26 - 00000000 ____D C:\Users\William\AppData\Local\{0A7E6280-BCE0-484B-A9C2-0A8FB34122E7}
2012-04-22 06:04 - 2012-04-22 06:04 - 00000000 ____D C:\Users\William\AppData\Local\{B272F7D2-1ABB-4F21-A18D-566469E623B7}
2012-04-22 06:04 - 2012-04-22 06:04 - 00000000 ____D C:\Users\William\AppData\Local\{5F4E47F5-F77D-4059-942E-E5D8B2EC6B0F}
2012-04-22 05:22 - 2012-04-22 05:22 - 00000000 ____D C:\Users\William\AppData\Local\{816DCF08-7A8B-4D57-BD19-299211011364}
2012-04-22 05:22 - 2012-04-22 05:22 - 00000000 ____D C:\Users\William\AppData\Local\{395ED5E2-8A43-4B6E-91F1-CCB83D17EB16}
2012-04-22 02:00 - 2012-04-22 02:00 - 00000000 ____D C:\Users\William\AppData\Local\{09A7074C-0A4C-4F58-B4F4-32FCBBC600E2}
2012-04-22 02:00 - 2012-04-22 01:59 - 00000000 ____D C:\Users\William\AppData\Local\{63B90C20-8F10-4ACE-BAEB-07642F9106A6}
2012-04-21 11:09 - 2012-04-21 11:09 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-04-21 10:10 - 2012-04-21 10:10 - 00000000 ____D C:\Users\William\AppData\Local\{E5966B69-A555-4214-8476-5B664A47B482}
2012-04-21 10:10 - 2012-04-21 10:10 - 00000000 ____D C:\Users\William\AppData\Local\{173660CB-7AAB-4711-8BFC-6D1D567DCD33}
2012-04-20 13:18 - 2012-04-20 13:18 - 00000000 ____D C:\Users\William\AppData\Local\{F0F99CE1-FE37-4D26-AC7D-56DC9F5C4FC8}
2012-04-20 13:18 - 2012-04-20 13:18 - 00000000 ____D C:\Users\William\AppData\Local\{AB1458AB-3934-4414-A377-69EBC6DA03B2}
2012-04-20 13:15 - 2012-04-20 13:15 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-20 13:15 - 2012-04-20 01:09 - 00000000 ____D C:\Program Files (x86)\Diablo III Beta
2012-04-20 01:06 - 2012-04-17 10:05 - 00000699 ____A C:\Users\William\Documents\Balance.txt
2012-04-20 01:05 - 2012-04-20 01:04 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-20 01:03 - 2012-04-20 00:58 - 46104904 ____A (Blizzard Entertainment) C:\Users\William\Documents\Diablo-III-Beta-enUS-Setup.exe
2012-04-20 01:00 - 2012-02-17 05:24 - 00007058 ____A C:\Users\William\Downloads\Toilet_top2.zip
2012-04-19 04:44 - 2012-04-19 04:44 - 00000000 ____D C:\Windows\System32\Macromed
2012-04-18 14:28 - 2012-04-18 14:28 - 00000000 ____D C:\Users\William\AppData\Local\{4AA52093-2B72-4E30-B0DC-3E2FDAAC8722}
2012-04-18 14:28 - 2012-04-18 14:28 - 00000000 ____D C:\Users\William\AppData\Local\{005BAAD6-71A0-452A-9B55-83A2E0739911}
2012-04-18 06:37 - 2012-04-18 06:37 - 00000000 ____D C:\Users\William\AppData\Local\{0D0706E4-E7BF-4804-876E-DB424B9D1444}
2012-04-17 08:28 - 2012-04-17 08:27 - 00000000 ____D C:\Users\William\AppData\Local\{CB3E656B-065A-408F-BCC4-734FA60B52E5}
2012-04-17 08:27 - 2012-04-17 08:27 - 00000000 ____D C:\Users\William\AppData\Local\{2418178B-6CB9-4F41-881D-64C73DB00559}
2012-04-16 08:41 - 2012-06-15 08:41 - 00000032 ___RA C:\Users\All Users\hash.dat
2012-04-15 13:12 - 2012-04-15 13:12 - 00000000 ____D C:\Users\William\AppData\Local\{543EDAF0-5BB5-4B54-BBA2-03B097AE57B3}
2012-04-15 13:12 - 2012-04-15 13:12 - 00000000 ____D C:\Users\William\AppData\Local\{1BF79B0A-CAE0-4520-B63E-ABA41543DAB4}
2012-04-14 23:47 - 2012-04-14 23:46 - 00000000 ____D C:\Users\William\AppData\Local\{06A2F02C-0666-477C-8D6F-D2350ED28DB8}
2012-04-14 23:46 - 2012-04-14 23:46 - 00000000 ____D C:\Users\William\AppData\Local\{7D16FBBA-4944-42C1-A3F0-5AAEC3787681}
2012-04-13 09:35 - 2012-04-13 09:35 - 00879984 ____A (BitTorrent, Inc.) C:\Users\William\Documents\uTorrent.exe
2012-04-13 08:55 - 2012-04-13 08:55 - 00000000 ____D C:\Users\William\AppData\Local\{6BCB3033-CA93-4652-B07D-D5F8BEBAD057}
2012-04-13 08:55 - 2012-04-13 08:54 - 00000000 ____D C:\Users\William\AppData\Local\{A69ADD37-CD78-4B9F-B197-B67FDB9DE163}
2012-04-13 05:01 - 2012-04-10 01:33 - 00000038 ____A C:\Users\William\Documents\ip.txt
2012-04-13 00:13 - 2012-04-13 00:13 - 00000000 ____D C:\Users\William\AppData\Local\{0E8E7E03-C715-4BDC-A497-1A56CD2CCEC3}
2012-04-12 12:05 - 2012-04-12 12:04 - 00000000 ____D C:\Users\William\AppData\Local\{3DAFE9CD-DF38-4F9D-BEE1-5696B4642F2E}
2012-04-12 00:04 - 2012-04-12 00:04 - 00000000 ____D C:\Users\William\AppData\Local\{D0312489-C85B-4E45-8732-7BC8C889A9B3}
2012-04-11 11:03 - 2012-04-11 11:03 - 00000000 ____D C:\Users\William\AppData\Local\{7B92EA74-F02B-40B5-9E30-06567B708C72}
2012-04-10 23:03 - 2012-04-10 23:02 - 00000000 ____D C:\Users\William\AppData\Local\{10478D6C-3BC7-4C97-A3A0-FB19ED2726C4}
2012-04-10 10:11 - 2012-04-10 10:10 - 00000000 ____D C:\Users\William\AppData\Local\{A71B2685-497B-44C6-8540-D69F36E0DEB4}
2012-04-10 02:00 - 2012-04-10 01:59 - 00000000 ____D C:\Users\William\AppData\Roaming\Ventrilo
2012-04-10 01:58 - 2012-04-10 01:58 - 00000917 ____A C:\Users\William\Desktop\Ventrilo.lnk
2012-04-10 01:58 - 2012-04-10 01:58 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-04-10 01:58 - 2012-04-10 01:58 - 00000000 ____D C:\Program Files\Ventrilo
2012-04-10 01:49 - 2012-04-10 01:48 - 04135696 ____A C:\Users\William\Documents\ventrilo-3.0.8-Windows-x64.exe
2012-04-10 01:39 - 2012-04-10 01:39 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-04-10 01:39 - 2012-04-10 01:38 - 00000926 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2012-04-10 01:38 - 2012-04-10 01:37 - 03849216 ____A C:\Users\William\Documents\hamachi.msi
2012-04-10 01:15 - 2012-04-10 01:15 - 00001469 ____A C:\Users\William\Desktop\terraria - Shortcut.lnk
2012-04-10 00:39 - 2012-04-10 00:39 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-04-10 00:39 - 2011-11-18 23:03 - 00000000 ____D C:\Users\William\Documents\My Games
2012-04-10 00:32 - 2012-04-10 00:32 - 00000222 ____A C:\Users\William\Desktop\Terraria.url
2012-04-09 22:10 - 2012-04-09 22:10 - 00000000 ____D C:\Users\William\AppData\Local\{98AA08ED-BB2A-4370-BD60-BC6F8CC31993}
2012-04-09 12:34 - 2012-04-09 12:34 - 00000000 ____D C:\Users\William\AppData\Local\blekkotb
2012-04-09 09:28 - 2012-04-09 09:28 - 00000000 ____D C:\Users\William\AppData\Local\{3D945E30-FF29-46DB-B25F-21311019BC32}
2012-04-09 07:20 - 2012-02-26 01:11 - 00000000 ____D C:\Users\William\Desktop\Engineering Drafting NMIT
2012-04-09 06:20 - 2012-04-09 06:20 - 08981679 ____A C:\Users\William\Downloads\agif.zip
2012-04-09 01:17 - 2012-04-09 01:16 - 00000000 ____D C:\Users\Kim\AppData\Local\{46ECD20D-542A-4780-9DCF-4F10D4A45829}
2012-04-09 01:16 - 2011-11-05 01:17 - 00000000 ____D C:\Users\Kim\AppData\Local\Windows Live
2012-04-09 01:16 - 2011-11-05 01:16 - 00000000 ____D C:\Users\Kim\Tracing
2012-04-08 21:28 - 2012-04-08 21:27 - 00000000 ____D C:\Users\William\AppData\Local\{6B34BCFE-8EED-4860-876E-8B15448A229D}
2012-04-08 10:11 - 2012-04-06 08:21 - 00001977 ____A C:\Users\William\Documents\New Text Document.txt
2012-04-08 02:28 - 2012-04-08 02:27 - 00000000 ____D C:\Users\William\AppData\Local\{E679B106-7012-4CF0-A396-65057390E8CD}
2012-04-07 08:25 - 2012-04-07 08:25 - 00000000 ____D C:\Users\William\AppData\Local\{7A803DA9-0F3B-4962-B983-CBBF056F3095}
2012-04-07 04:31 - 2012-06-14 03:58 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-14 03:58 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 19:25 - 2012-04-06 19:25 - 00000000 ____D C:\Users\William\AppData\Local\{D13EBF3A-2F93-480F-98B1-972E74301E3D}
2012-04-06 05:38 - 2012-04-06 05:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-06 04:16 - 2012-04-06 04:16 - 00000000 ____D C:\Users\William\AppData\Local\{BC678C9F-4B31-4154-9C89-0CCF42FF2733}
2012-04-05 16:08 - 2012-04-05 16:08 - 00000000 ____D C:\Users\Kim\AppData\Local\{D8B35795-4A07-466B-95C9-DB1894EFA229}
2012-04-05 15:08 - 2012-04-05 15:08 - 00000000 ____D C:\Users\William\AppData\Local\{46C31C06-75F7-436E-894C-01F589EF1E9E}
2012-04-05 04:08 - 2012-04-05 04:07 - 00000000 ____D C:\Users\Kim\AppData\Local\{71AB16B5-3E6F-4A32-8438-BACA6DB7B0A0}
2012-04-05 03:08 - 2012-04-05 03:07 - 00000000 ____D C:\Users\William\AppData\Local\{DB139709-AF2A-411B-86D8-2DEC8A25B33C}
2012-04-04 16:07 - 2012-04-04 16:07 - 00000000 ____D C:\Users\Kim\AppData\Local\{1E34C9F8-73A1-4C85-A64D-0A81F7131216}
2012-04-04 15:07 - 2012-04-04 15:07 - 00000000 ____D C:\Users\William\AppData\Local\{0455DBC3-179B-48C9-8B8E-293457935D59}
2012-04-04 04:07 - 2012-04-04 04:07 - 00000000 ____D C:\Users\Kim\AppData\Local\{B58CF5DB-3DE5-431C-9283-E909D52C17DB}
2012-04-04 04:07 - 2011-11-05 01:04 - 00140856 ____A C:\Users\Kim\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-03 22:29 - 2012-04-03 22:28 - 00000000 ____D C:\Users\William\AppData\Local\{E5663963-EF94-4AC4-98DD-073316EC387E}
2012-04-03 02:04 - 2012-04-03 02:03 - 00000000 ____D C:\Users\William\AppData\Local\{7895DF0A-09DE-4780-BAAF-950FE71BA1B9}
2012-04-02 06:25 - 2012-04-02 06:25 - 00000000 ____D C:\Users\William\AppData\Local\{86CC6370-2C2C-4C7C-B21E-A85B34E5E1AC}
2012-03-31 19:15 - 2012-03-31 19:15 - 00000000 ____D C:\Users\William\AppData\Local\{E6CAEFBD-62F4-48CF-A212-DFCF31375DA0}
2012-03-31 07:15 - 2012-03-31 07:15 - 00000000 ____D C:\Users\William\AppData\Local\{B2F975B5-AB7F-4D66-A8B2-9ADE9053211D}
2012-03-30 19:15 - 2012-03-30 19:15 - 00000000 ____D C:\Users\William\AppData\Local\{52A92AAE-36FB-487D-B0AF-35A0E3E64AAF}
2012-03-30 03:35 - 2012-05-11 18:45 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 16:29 - 2012-03-29 16:29 - 00000000 ____D C:\Users\William\AppData\Local\{12A7E86B-7713-4486-8997-4DC87065FEDA}
2012-03-29 02:09 - 2012-03-29 02:09 - 00000000 ____D C:\Users\William\AppData\Local\{44029A10-FDA7-4BF1-96B1-10E0894CF832}
ZeroAccess:
C:\Windows\Installer\{9908c7e5-0a20-c330-0c1c-5cd5a070f4f3}
C:\Windows\Installer\{9908c7e5-0a20-c330-0c1c-5cd5a070f4f3}\@
C:\Windows\Installer\{9908c7e5-0a20-c330-0c1c-5cd5a070f4f3}\L
C:\Windows\Installer\{9908c7e5-0a20-c330-0c1c-5cd5a070f4f3}\U
C:\Windows\Installer\{9908c7e5-0a20-c330-0c1c-5cd5a070f4f3}\U\800000cb.@
ZeroAccess:
C:\Users\William\AppData\Local\{9908c7e5-0a20-c330-0c1c-5cd5a070f4f3}
C:\Users\William\AppData\Local\{9908c7e5-0a20-c330-0c1c-5cd5a070f4f3}\@
C:\Users\William\AppData\Local\{9908c7e5-0a20-c330-0c1c-5cd5a070f4f3}\L
C:\Users\William\AppData\Local\{9908c7e5-0a20-c330-0c1c-5cd5a070f4f3}\U
 
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 11%
Total physical RAM: 8139.86 MB
Available physical RAM: 7195.15 MB
Total Pagefile: 8138.01 MB
Available Pagefile: 7184.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:917.23 GB) (Free:611.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.99 GB) (Free:1.56 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (NexStar120G) (Fixed) (Total:111.79 GB) (Free:7.11 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 111 GB 1024 KB
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 917 GB 200 MB
Partition 3 Primary 13 GB 917 GB
Partition 4 Primary 102 MB 931 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 917 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy
======================================================================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 102 MB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 111 GB 31 KB
======================================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H NexStar120G NTFS Partition 111 GB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-17 19:59
======================= End Of Log ==========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.
 
thanks. here you go. you must be sick of these sirefef posts

Farbar Recovery Scan Tool Version: 24-06-2012
Ran by SYSTEM at 2012-06-25 07:33:36
Running from H:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
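Added example, not part of the thread and not FRST's own code: one way to read a Search.txt like the one above is to compare each live copy of a file against the component-store (WinSxS) copies of the same name and flag a copy whose size matches but whose MD5 does not. The line format is inferred from the log lines posted here, and the function names and status labels are hypothetical.

```python
import re
from collections import defaultdict

# Log text copied from the Search.txt posted above.
SEARCH_LOG = r"""Farbar Recovery Scan Tool Version: 24-06-2012
Ran by SYSTEM at 2012-06-25 07:33:36
Running from H:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""

# A hit is two lines: the full path, then dates, size, attributes, company, MD5.
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per search hit (path, size, company, md5)."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        meta = META_RE.match(line)
        if meta and pending_path:
            entries.append({
                "path": pending_path,
                "size": int(meta.group("size")),
                "company": meta.group("company"),
                "md5": meta.group("md5").upper(),
            })
        pending_path = None  # header/footer lines and consumed hits reset the pair
    return entries


def is_component_store(path):
    return "\\winsxs\\" in path.lower()


def compare_to_component_store(entries):
    """Classify every non-WinSxS copy against the WinSxS copies of the same name."""
    by_name = defaultdict(list)
    for entry in entries:
        by_name[entry["path"].rsplit("\\", 1)[-1].lower()].append(entry)

    findings = []
    for group in by_name.values():
        refs = [e for e in group if is_component_store(e["path"])]
        for live in (e for e in group if not is_component_store(e["path"])):
            if not refs:
                status = "no-reference"              # nothing to compare against
            elif live["md5"] in {r["md5"] for r in refs}:
                status = "match"
            elif any(r["size"] == live["size"] for r in refs):
                # Same byte count, different content: check against a known-good source.
                status = "same-size-different-hash"
            else:
                # WinSxS can hold several versions; a size change may be an update.
                status = "different-version"
            findings.append({"path": live["path"], "md5": live["md5"], "status": status})
    return findings


if __name__ == "__main__":
    for finding in compare_to_component_store(parse_search_log(SEARCH_LOG)):
        print(finding["status"], finding["path"], finding["md5"])
```

A `same-size-different-hash` result only says the two copies differ; the file still has to be checked against a trusted copy before anything is replaced.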
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

See if you can boot normally.

If so....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
ComboFix 12-06-24.03 - William 25/06/2012 9:26.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8140.5565 [GMT 10:00]
Running from: c:\users\William\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-25 14:38 . 2012-06-25 14:39 -------- d-----w- C:\FRST
2012-06-24 23:35 . 2012-06-24 23:35 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E14027F9-EF3B-47A1-BF8F-5E74ACB5146A}\offreg.dll
2012-06-24 23:33 . 2012-06-24 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 23:33 . 2012-06-24 23:33 -------- d-----w- c:\users\Kim\AppData\Local\temp
2012-06-24 23:23 . 2012-06-17 17:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-24 23:23 . 2012-06-17 17:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E14027F9-EF3B-47A1-BF8F-5E74ACB5146A}\mpengine.dll
2012-06-23 23:06 . 2012-02-09 04:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-23 23:06 . 2012-02-09 04:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB93F2E3-6590-4AB6-9808-B2BFF0EADB0F}\gapaengine.dll
2012-06-23 02:41 . 2012-06-23 05:31 -------- d-----w- c:\program files (x86)\stinger
2012-06-23 02:05 . 2012-06-24 23:35 -------- d-----w- c:\windows\system32\wbem\repository
2012-06-23 02:05 . 2012-06-23 07:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-23 02:05 . 2012-06-23 07:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-22 23:13 . 2012-06-22 23:13 -------- d-----w- C:\MATS
2012-06-22 18:48 . 2012-06-22 18:48 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-06-22 04:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 04:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 04:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 04:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 04:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 04:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 04:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 04:51 . 2012-06-02 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 04:51 . 2012-06-02 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 21:18 . 2012-06-24 00:02 -------- d-----w- c:\users\William\AppData\Roaming\Qateog
2012-06-21 21:18 . 2012-06-23 07:25 -------- d-----w- c:\users\William\AppData\Roaming\Kigax
2012-06-21 21:18 . 2012-06-21 21:18 -------- d-----w- c:\users\William\AppData\Roaming\Obgoo
2012-06-21 20:25 . 2012-06-21 20:25 -------- d-----w- c:\windows\en
2012-06-21 20:03 . 2011-12-19 02:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-06-21 20:02 . 2011-12-19 03:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-06-21 20:02 . 2011-12-19 02:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-06-21 20:02 . 2011-10-26 04:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-06-21 20:02 . 2011-09-29 02:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-06-21 20:02 . 2012-06-21 20:33 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-06-21 20:02 . 2012-06-21 20:02 -------- d-----w- c:\programdata\Lavasoft
2012-06-21 19:24 . 2012-06-23 07:25 -------- d-----w- c:\users\William\AppData\Roaming\Ad-Aware Antivirus
2012-06-20 18:02 . 2012-06-20 18:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-15 20:30 . 2012-06-15 20:30 -------- d-----w- c:\users\William\AppData\Local\Geckofx
2012-06-15 20:30 . 2012-06-15 20:30 -------- d-----w- c:\users\William\AppData\Roaming\Firefly Studios
2012-06-14 12:42 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 12:42 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 12:42 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 12:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 12:01 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 12:01 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 11:59 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 11:59 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 11:59 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 11:58 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 11:58 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 11:58 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 11:58 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 11:58 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 11:58 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 11:58 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 11:58 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-06 19:22 . 2012-06-06 19:22 -------- d-----w- c:\users\William\AppData\Roaming\Malwarebytes
2012-06-06 19:21 . 2012-06-06 19:21 -------- d-----w- c:\programdata\Malwarebytes
2012-06-06 19:21 . 2012-06-07 13:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-06 18:45 . 2012-06-06 18:45 -------- d-----w- c:\users\William\AppData\Roaming\Tific
2012-06-06 18:45 . 2012-06-06 18:45 -------- d-----w- c:\users\William\AppData\Local\Symantec
2012-06-06 18:40 . 2012-06-06 18:40 -------- d-----w- c:\programdata\99058D9B000E0013006FA362B4EB2367
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 06:16 . 2012-04-19 12:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-15 06:16 . 2011-11-23 12:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 17:59 . 2012-05-04 17:59 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 11:35 . 2012-05-12 02:45 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-24 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-12 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/27 21:06;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-09 1431888]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-04 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-02 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SBWTIS
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 08:37]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 02:16]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 02:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2809527400-1373152726-3069288008-1000\Software\SecuROM\License information*]
"datasecu"=hex:33,0e,b3,84,20,b1,94,dc,a3,db,7f,ae,7e,00,8f,fe,14,d7,c4,f4,03,
70,7b,d1,d4,6f,ff,23,7b,ff,b1,97,82,67,74,d4,ca,1e,36,bd,77,ef,60,f3,a8,88,\
"rkeysecu"=hex:73,e5,e3,17,5d,96,bc,08,60,55,6f,65,24,b3,91,82
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
.
**************************************************************************
.
Completion time: 2012-06-25 09:45:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 23:45
.
Pre-Run: 657,947,824,128 bytes free
Post-Run: 660,808,658,944 bytes free
.
- - End Of File - - 837074F98EC2AFDB2A9812748BA043C6
 
Looks good :)

Any current issues?

=============================================

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==========================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.24.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
William :: WILLIAM-HP [administrator]
25/06/2012 12:11:49 PM
mbam-log-2012-06-25 (12-11-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231706
Time elapsed: 3 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
OTL logfile created on: 6/25/2012 12:28:32 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\William\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.95 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 72.50% Memory free
15.90 Gb Paging File | 13.35 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.23 Gb Total Space | 615.27 Gb Free Space | 67.08% Space Free | Partition Type: NTFS
Drive D: | 13.99 Gb Total Space | 1.56 Gb Free Space | 11.16% Space Free | Partition Type: NTFS
Drive F: | 111.79 Gb Total Space | 8.82 Gb Free Space | 7.89% Space Free | Partition Type: NTFS

Computer Name: WILLIAM-HP | User Name: William | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/25 12:25:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\William\Desktop\OTL.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/25 14:45:10 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/02/25 14:45:01 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/03 04:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/24 20:56:10 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/03/09 05:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/03/01 08:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/26 03:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 15:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 15:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 15:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/02/16 08:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/02/02 13:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/01/28 05:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/01/26 06:56:34 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011/01/25 08:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/01/25 08:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/01/25 08:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/01/25 08:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/01/13 12:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/13 12:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/23 06:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/23 06:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/18 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/10 08:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/10 08:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/02/03 17:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 22:38:11 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/19 22:38:09 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/19 22:38:06 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/06/19 22:38:04 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/19 22:38:02 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/15 05:30:00 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll
MOD - [2012/06/15 05:22:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 05:22:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/15 09:55:29 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
MOD - [2012/05/15 09:53:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/15 09:53:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/15 09:53:01 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/15 09:52:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/15 09:52:57 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/15 09:52:53 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/09 22:42:00 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/13 02:58:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/11 20:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/05 09:34:20 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011/02/05 09:24:24 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/02/05 09:19:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2011/01/27 09:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 19:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 20:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/25 14:45:10 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/02/25 14:45:01 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 04:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/11/24 21:24:23 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/02 14:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/01 08:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/26 03:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/18 15:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/16 08:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/02/02 13:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/01/26 06:56:32 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/01/25 08:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/01/25 08:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/01/25 08:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/01/13 12:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/12/23 06:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/23 06:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/10 08:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/13 03:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/13 04:50:28 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/13 02:17:16 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/25 22:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/03/11 20:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/25 04:40:20 | 008,591,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/02/17 11:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/17 10:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/27 09:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/01/27 09:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/01/24 19:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/01/24 19:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/01/24 18:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/01/13 11:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/13 10:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/17 12:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/11 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/11 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/21 13:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 13:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 13:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 13:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/07/29 02:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 07:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 07:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 07:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 06:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/11 06:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&...1204099C1547F7A7AD2A9106157678&q={searchTerms}
IE - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Website Logon = C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\

O1 HOSTS File: ([2012/06/25 09:38:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A447AEA8-D3EE-43C8-ABB8-6BBE6EC535BC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/09 22:27:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 00:38:33 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/25 12:25:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\William\Desktop\OTL.exe
[2012/06/25 12:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/25 12:09:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/25 11:53:33 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\William\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/25 09:45:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/25 09:38:59 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/25 09:21:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/25 09:21:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/25 09:21:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/25 09:20:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/25 09:20:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/25 09:14:29 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{DA204F99-ED6D-4C49-9323-D0422F8FF565}
[2012/06/23 16:55:32 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{C932B8BE-DDA0-4710-A262-5F157DB29A0D}
[2012/06/23 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{6C6D0A96-59A8-47CB-B41F-1B73D4E6EC83}
[2012/06/23 16:49:26 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{D5E77BD2-822C-4A40-ADBE-BF2353A99136}
[2012/06/23 12:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/06/23 12:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/23 12:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/23 09:13:13 | 000,000,000 | ---D | C] -- C:\MATS
[2012/06/23 04:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/06/22 23:28:02 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{805C757F-AEF3-42BE-87BD-41538A400CF8}
[2012/06/22 23:27:37 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{952BD9B8-A11F-4468-AE51-42388C619ED4}
[2012/06/22 07:18:02 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Qateog
[2012/06/22 07:18:02 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Obgoo
[2012/06/22 07:18:02 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Kigax
[2012/06/22 06:31:04 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{D1D7BC12-77B2-4B10-A9E6-67AAADA4AD20}
[2012/06/22 06:30:51 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{9CC541C1-EE2A-4321-BB58-6C0638B5BD33}
[2012/06/22 06:25:40 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/22 06:21:19 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{B0253D13-0BD1-4E13-B143-27CE31CF1BB6}
[2012/06/22 06:20:55 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{D7B717D8-617E-405C-8BDE-2A6C59319C06}
[2012/06/22 06:19:00 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{C1DCB8D6-5883-48A2-BFF0-3819C4F879B9}
[2012/06/22 06:18:46 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{BCACB1C9-67C8-4EF8-8BE5-BA87846689A2}
[2012/06/22 06:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/06/22 06:03:07 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/06/22 06:02:45 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/06/22 06:02:45 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/06/22 06:02:45 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/06/22 06:02:45 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/06/22 06:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/06/22 06:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/06/22 05:56:20 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{8F982421-8FAF-4B93-AF42-8151A42EE57A}
[2012/06/22 05:55:37 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{551575B6-BF18-46EF-B354-8020D800D9FF}
[2012/06/22 05:24:45 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Ad-Aware Antivirus
[2012/06/21 04:02:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/19 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{7F50ABDC-2411-4AB7-BA54-F5D04FB05B9E}
[2012/06/19 20:26:06 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{74FCDD2C-E4AC-4B0B-822D-17BA22B01A42}
[2012/06/18 22:35:03 | 000,000,000 | ---D | C] -- C:\Users\William\Documents\New folder
[2012/06/18 22:10:33 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{2274517E-0E35-48B4-8707-21B69B845CE1}
[2012/06/18 04:13:07 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{9DD9B71C-118C-4A69-9DF2-9FA85C75B009}
[2012/06/18 03:55:39 | 000,000,000 | ---D | C] -- C:\Users\William\Desktop\DND
[2012/06/18 03:54:19 | 000,000,000 | ---D | C] -- C:\Users\William\Desktop\Tanks
[2012/06/17 04:13:09 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{2CBF532B-3807-49CF-80D5-23545503B962}
[2012/06/16 06:30:19 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\Geckofx
[2012/06/16 06:30:14 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Firefly Studios
[2012/06/16 06:30:11 | 000,000,000 | ---D | C] -- C:\Users\William\Documents\Stronghold Kingdoms
[2012/06/15 16:13:10 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{1EB9419E-0527-42C4-A6FC-F2297B053437}
[2012/06/13 16:08:28 | 000,000,000 | ---D | C] -- C:\Users\William\Desktop\Concrete
[2012/06/07 05:41:15 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{820E333E-36B9-4D76-A20C-3EF7A3D9791B}
[2012/06/07 05:40:58 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{D3BB7602-4B2A-47C9-A381-C10A04440772}
[2012/06/07 05:22:03 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Malwarebytes
[2012/06/07 05:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/07 05:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/07 04:45:14 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Tific
[2012/06/07 04:45:02 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\Symantec
[2012/06/07 04:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\99058D9B000E0013006FA362B4EB2367
[2012/06/05 19:53:19 | 000,000,000 | ---D | C] -- C:\Users\William\Desktop\Bens Stuff
[2012/06/03 04:41:28 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{673C7A50-19D2-4196-A07D-15E0AF9BC81D}
[2012/06/03 04:41:16 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{08EAFA37-CCF0-43B7-B4F8-A2B20ACB8586}
[2012/06/02 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{CD419D8D-0CF0-4E31-98FE-AD07EF695D31}
[2012/06/02 18:25:26 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\{FA97731D-27DC-4F3A-A52E-9982B7DF1828}
[2012/05/29 17:44:12 | 000,000,000 | ---D | C] -- C:\Users\William\Desktop\BAND OF BROTHERS-NUBTOASTER
[2012/05/29 16:21:30 | 000,000,000 | ---D | C] -- C:\Users\William\Desktop\Company of Heroes _ All Heroes Rise
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/25 12:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/25 12:27:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 12:25:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\William\Desktop\OTL.exe
[2012/06/25 12:24:59 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 12:24:59 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 12:23:38 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/06/25 12:21:40 | 000,666,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 12:21:40 | 000,126,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 12:21:39 | 000,782,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 12:17:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 12:17:06 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 12:09:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/25 12:09:23 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\William\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/25 09:38:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/24 09:57:03 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/06/23 17:25:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/23 17:19:44 | 000,906,237 | ---- | M] () -- C:\Users\William\AppData\Local\census.cache
[2012/06/23 17:19:05 | 000,120,223 | ---- | M] () -- C:\Users\William\AppData\Local\ars.cache
[2012/06/23 16:59:34 | 000,000,036 | ---- | M] () -- C:\Users\William\AppData\Local\housecall.guid.cache
[2012/06/23 12:12:07 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/06/23 09:21:41 | 000,002,614 | ---- | M] () -- C:\Users\William\Documents\msremoval.bat
[2012/06/21 04:20:44 | 000,074,603 | ---- | M] () -- C:\Users\William\Desktop\0205MAC04HO.pdf
[2012/06/21 04:20:27 | 000,038,833 | ---- | M] () -- C:\Users\William\Desktop\0305MAC03HO.pdf
[2012/06/21 04:14:39 | 000,062,297 | ---- | M] () -- C:\Users\William\Desktop\0206FC05HO.pdf
[2012/06/21 04:14:22 | 000,030,414 | ---- | M] () -- C:\Users\William\Desktop\0206FC04HO.pdf
[2012/06/21 04:06:04 | 000,154,505 | ---- | M] () -- C:\Users\William\Desktop\appa.pdf
[2012/06/20 23:15:59 | 000,238,349 | ---- | M] () -- C:\Users\William\Desktop\column_slab_and_schedule-A2 Sheet3.pdf
[2012/06/20 23:14:05 | 000,203,108 | ---- | M] () -- C:\Users\William\Desktop\footing_details-A2 Sheet2.pdf
[2012/06/20 23:11:04 | 000,146,957 | ---- | M] () -- C:\Users\William\Desktop\Padfooting_column_layout-A2 Sheet1.pdf
[2012/06/20 23:07:34 | 000,203,231 | ---- | M] () -- C:\Users\William\Desktop\test2.pdf
[2012/06/20 22:58:00 | 000,203,150 | ---- | M] () -- C:\Users\William\Desktop\test.pdf
[2012/06/20 19:43:23 | 001,069,391 | ---- | M] () -- C:\acadminidump.dmp
[2012/06/19 00:34:34 | 000,022,302 | ---- | M] () -- C:\Users\William\Desktop\206507.jpg
[2012/06/19 00:33:26 | 000,022,698 | ---- | M] () -- C:\Users\William\Desktop\199819.jpg
[2012/06/19 00:30:14 | 000,034,307 | ---- | M] () -- C:\Users\William\Desktop\a_certain_magical_index_shock_vptxh.jpg
[2012/06/19 00:30:12 | 000,056,712 | ---- | M] () -- C:\Users\William\Desktop\a_certain_magical_index_shock_0awoq.jpg
[2012/06/18 04:23:10 | 000,020,348 | ---- | M] () -- C:\Users\William\Desktop\erecting-precast-concrete-wall-pane-61-300x225.jpg
[2012/06/18 04:23:10 | 000,017,262 | ---- | M] () -- C:\Users\William\Desktop\erecting-precast-concretewall-panel-5-300x225.jpg
[2012/06/18 04:23:08 | 000,090,128 | ---- | M] () -- C:\Users\William\Desktop\erecting-precast-concretewall-panel-4.jpg
[2012/06/18 04:22:02 | 000,041,955 | ---- | M] () -- C:\Users\William\Desktop\2DAD7E59-308C-407C-816755B640851515.jpg
[2012/06/18 04:21:04 | 000,081,958 | ---- | M] () -- C:\Users\William\Desktop\aldiugcp.jpg
[2012/06/18 04:19:31 | 000,125,019 | ---- | M] () -- C:\Users\William\Desktop\ncrete%20Waffle%20Slab%20-%20MIRVAC%20HOMES%20NSW%20%20-%20%20HILLSBOROUGH%20CRESCENT%20GLENFIELD%20-%20Supervisor%20STEVE%20LAWANDOS%20M%200411028935%20(3).jpg
[2012/06/18 04:13:10 | 000,067,071 | ---- | M] () -- C:\Users\William\Desktop\E100_1545_640.jpg
[2012/06/18 04:11:18 | 000,086,247 | ---- | M] () -- C:\Users\William\Desktop\bondek-main-def.jpg
[2012/06/17 23:04:48 | 000,871,136 | ---- | M] () -- C:\Users\William\Documents\New WinRAR archive.rar
[2012/06/15 05:18:45 | 000,492,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/15 01:38:25 | 000,710,148 | ---- | M] () -- C:\Users\William\Desktop\roadmap.png
[2012/06/13 23:05:23 | 000,218,097 | ---- | M] () -- C:\Users\William\Desktop\Annexure-III.pdf
[2012/06/12 00:36:10 | 000,122,483 | ---- | M] () -- C:\Users\William\Desktop\StoredFile.pdf
[2012/06/01 15:27:04 | 000,011,462 | ---- | M] () -- C:\Users\William\Desktop\agent.db
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/25 12:09:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/25 09:21:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/25 09:21:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/25 09:21:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/25 09:21:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/25 09:21:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/23 17:25:07 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/23 17:19:44 | 000,906,237 | ---- | C] () -- C:\Users\William\AppData\Local\census.cache
[2012/06/23 17:19:05 | 000,120,223 | ---- | C] () -- C:\Users\William\AppData\Local\ars.cache
[2012/06/23 16:59:34 | 000,000,036 | ---- | C] () -- C:\Users\William\AppData\Local\housecall.guid.cache
[2012/06/23 09:21:41 | 000,002,614 | ---- | C] () -- C:\Users\William\Documents\msremoval.bat
[2012/06/22 15:59:35 | 000,000,948 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/06/22 06:03:18 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/06/21 04:20:44 | 000,074,603 | ---- | C] () -- C:\Users\William\Desktop\0205MAC04HO.pdf
[2012/06/21 04:20:27 | 000,038,833 | ---- | C] () -- C:\Users\William\Desktop\0305MAC03HO.pdf
[2012/06/21 04:14:39 | 000,062,297 | ---- | C] () -- C:\Users\William\Desktop\0206FC05HO.pdf
[2012/06/21 04:14:22 | 000,030,414 | ---- | C] () -- C:\Users\William\Desktop\0206FC04HO.pdf
[2012/06/21 04:06:04 | 000,154,505 | ---- | C] () -- C:\Users\William\Desktop\appa.pdf
[2012/06/20 23:07:33 | 000,203,231 | ---- | C] () -- C:\Users\William\Desktop\test2.pdf
[2012/06/20 22:48:45 | 000,203,150 | ---- | C] () -- C:\Users\William\Desktop\test.pdf
[2012/06/20 08:13:13 | 000,238,349 | ---- | C] () -- C:\Users\William\Desktop\column_slab_and_schedule-A2 Sheet3.pdf
[2012/06/20 07:53:56 | 000,203,108 | ---- | C] () -- C:\Users\William\Desktop\footing_details-A2 Sheet2.pdf
[2012/06/20 07:38:05 | 000,146,957 | ---- | C] () -- C:\Users\William\Desktop\Padfooting_column_layout-A2 Sheet1.pdf
[2012/06/19 00:35:03 | 000,022,698 | ---- | C] () -- C:\Users\William\Desktop\199819.jpg
[2012/06/19 00:34:42 | 000,022,302 | ---- | C] () -- C:\Users\William\Desktop\206507.jpg
[2012/06/19 00:30:24 | 000,034,307 | ---- | C] () -- C:\Users\William\Desktop\a_certain_magical_index_shock_vptxh.jpg
[2012/06/19 00:30:18 | 000,056,712 | ---- | C] () -- C:\Users\William\Desktop\a_certain_magical_index_shock_0awoq.jpg
[2012/06/18 04:24:35 | 000,020,348 | ---- | C] () -- C:\Users\William\Desktop\erecting-precast-concrete-wall-pane-61-300x225.jpg
[2012/06/18 04:24:31 | 000,017,262 | ---- | C] () -- C:\Users\William\Desktop\erecting-precast-concretewall-panel-5-300x225.jpg
[2012/06/18 04:23:32 | 000,090,128 | ---- | C] () -- C:\Users\William\Desktop\erecting-precast-concretewall-panel-4.jpg
[2012/06/18 04:22:10 | 000,041,955 | ---- | C] () -- C:\Users\William\Desktop\2DAD7E59-308C-407C-816755B640851515.jpg
[2012/06/18 04:21:23 | 000,081,958 | ---- | C] () -- C:\Users\William\Desktop\aldiugcp.jpg
[2012/06/18 04:20:22 | 000,125,019 | ---- | C] () -- C:\Users\William\Desktop\ncrete%20Waffle%20Slab%20-%20MIRVAC%20HOMES%20NSW%20%20-%20%20HILLSBOROUGH%20CRESCENT%20GLENFIELD%20-%20Supervisor%20STEVE%20LAWANDOS%20M%200411028935%20(3).jpg
[2012/06/18 04:13:21 | 000,067,071 | ---- | C] () -- C:\Users\William\Desktop\E100_1545_640.jpg
[2012/06/18 04:12:21 | 000,086,247 | ---- | C] () -- C:\Users\William\Desktop\bondek-main-def.jpg
[2012/06/17 23:04:43 | 000,871,136 | ---- | C] () -- C:\Users\William\Documents\New WinRAR archive.rar
[2012/06/16 02:41:12 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/06/15 01:39:05 | 000,710,148 | ---- | C] () -- C:\Users\William\Desktop\roadmap.png
[2012/06/13 23:05:23 | 000,218,097 | ---- | C] () -- C:\Users\William\Desktop\Annexure-III.pdf
[2012/06/13 15:43:55 | 000,002,631 | ---- | C] () -- C:\Users\William\Desktop\AutoCAD 2012 - English.lnk
[2012/06/12 00:36:10 | 000,122,483 | ---- | C] () -- C:\Users\William\Desktop\StoredFile.pdf
[2012/06/01 15:34:34 | 000,011,462 | ---- | C] () -- C:\Users\William\Desktop\agent.db
[2012/04/10 19:58:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/02/09 22:42:22 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/02/09 22:38:05 | 000,788,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/11 15:19:48 | 000,007,652 | ---- | C] () -- C:\Users\William\AppData\Local\Resmon.ResmonCfg
[2011/11/05 18:59:52 | 000,000,632 | RHS- | C] () -- C:\Users\William\ntuser.pol
[2011/11/05 01:36:31 | 000,000,484 | ---- | C] () -- C:\Users\William\AppData\Roaming\GPU Monitor_Settings.ini
[2011/11/04 23:26:52 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/04 23:26:49 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/28 13:58:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/28 13:49:44 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/07/28 13:48:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/07/28 13:48:32 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/25 22:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/25 22:16:08 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/02/23 09:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010/12/17 12:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2011/11/05 19:04:17 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Synaptics
[2012/06/23 17:25:40 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Ad-Aware Antivirus
[2012/02/09 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Autodesk
[2012/06/16 06:30:14 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Firefly Studios
[2012/01/28 21:17:08 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\IDT
[2012/06/23 17:25:36 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Kigax
[2012/06/22 07:18:02 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Obgoo
[2011/11/04 22:36:24 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Origin
[2012/06/24 10:02:54 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Qateog
[2011/11/04 09:16:31 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Synaptics
[2012/06/07 04:45:14 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Tific
[2012/06/25 12:24:02 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\uTorrent
[2012/04/27 11:17:50 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\wargaming.net
[2011/11/08 08:04:58 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Windows Live Writer
[2012/06/24 09:57:03 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/02/14 15:18:04 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< >

< >

< %SYSTEMDRIVE%\*.* >
[2012/06/20 19:43:23 | 001,069,391 | ---- | M] () -- C:\acadminidump.dmp
[2010/11/21 13:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/06/25 09:45:14 | 000,022,608 | ---- | M] () -- C:\ComboFix.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/06/25 12:17:06 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/06/25 12:17:09 | 4240,293,887 | -HS- | M] () -- C:\pagefile.sys
[2012/02/14 21:57:23 | 000,489,580 | ---- | M] () -- C:\shared.log
[2012/06/07 05:10:06 | 000,278,354 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_07.06.2012_05.06.45_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 15:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 15:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 15:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 15:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 06:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 14:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/11/04 21:24:03 | 000,000,221 | -HS- | M] () -- C:\Users\William\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/25 12:09:23 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\William\Desktop\mbam-setup-1.61.0.1400.exe
[2010/02/14 15:35:58 | 004,411,392 | ---- | M] (Gabest) -- C:\Users\William\Desktop\mplayerc.exe
[2012/06/25 12:25:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\William\Desktop\OTL.exe
[2012/04/29 07:26:41 | 2827,185,200 | ---- | M] () -- C:\Users\William\Desktop\WoT_0.7.2_us_setup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/24 09:57:03 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/06/25 12:27:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 12:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/25 12:17:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/02/14 15:18:04 | 000,032,588 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 07:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/17 15:02:36 | 000,000,402 | -HS- | M] () -- C:\Users\William\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/02/09 22:42:22 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >
[2012/02/09 22:39:39 | 000,038,912 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\Luc.exe
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >
< End of report >
 
OTL Extras logfile created on: 6/25/2012 12:28:32 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\William\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.95 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 72.50% Memory free
15.90 Gb Paging File | 13.35 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.23 Gb Total Space | 615.27 Gb Free Space | 67.08% Space Free | Partition Type: NTFS
Drive D: | 13.99 Gb Total Space | 1.56 Gb Free Space | 11.16% Space Free | Partition Type: NTFS
Drive F: | 111.79 Gb Total Space | 8.82 Gb Free Space | 7.89% Space Free | Partition Type: NTFS

Computer Name: WILLIAM-HP | User Name: William | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A293782-148E-4204-9722-224C0C699112}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{27F6B1E0-0B58-4122-B4F0-4DF8AC3BFA76}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{957A5D55-1089-4E2F-B87C-D66C9F63205A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AAF26111-2C0E-45EE-BDA2-6D862BEEEE3E}" = protocol=58 | dir=in | app=system |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0128D231-B23B-409C-A531-39D8D8774BA1}" = HP 3D DriveGuard
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel(R) PROSet/Wireless WiFi Software
"{7A33B9B4-0C40-53B4-CCA0-D469A83DE142}" = ccc-utility64
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CCB6C5-DD11-F614-5955-FACAFA2C80F7}" = CCC Help Turkish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0372849C-A9C1-A7BF-7180-9DB15334D778}" = Catalyst Control Center
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BB68729-BD8E-76E0-A357-9685790987F1}" = Catalyst Control Center Profiles Mobile
"{115BAB0B-AB04-E481-76F5-82D90C3049A6}" = CCC Help Danish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19F2D706-4834-2DD2-D12E-C10E75A57C81}" = CCC Help French
"{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{1CB8B169-534E-6F89-CDF9-0B812FBACF9A}" = CCC Help Hungarian
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{228CDD95-4069-8D94-7584-82BDE9A68B63}" = CCC Help Japanese
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{28CA24E3-D323-3900-9519-4FFE9984EC53}" = CCC Help Polish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}" = HP Documentation
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{49799BCA-8E53-63CD-D2D4-BAC6AB782DEE}" = Catalyst Control Center Graphics Previews Common
"{49FD3CE5-1839-7EEA-D7D3-17A23826B859}" = CCC Help Greek
"{49FE4B97-0E1E-F9EC-2123-4DFA80064694}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55B013D5-14E7-C0B1-CE42-9C567AAEE3C9}" = CCC Help Dutch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel(R) Wireless Display
"{5E2C8F1A-AC86-FBCD-B3E4-EBF9E747BC4D}" = CCC Help Korean
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{81EDA038-2320-B7E2-4D78-E12C2D55CE75}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89A6150B-0CE8-AA44-F24B-FD8DCC058ACC}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B619E05-80B3-20A1-5C1C-FDCDEC394344}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFC331E-07A7-B196-7EA7-549A0CFE07CB}" = CCC Help Swedish
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7F248B5-B784-E149-124F-ABE878BC725F}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ADBCAA59-C242-4B31-FF51-354159417118}" = CCC Help Thai
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AEF3AB2B-0B52-E47E-CA66-55E11D41EA04}" = CCC Help Finnish
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C118B9C6-BCE5-629D-F9CF-F61BCAD285D9}" = CCC Help Spanish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C51EF224-3786-5566-3B32-251BDEC5C8E7}" = Catalyst Control Center InstallProxy
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D814C606-0199-4A7D-D517-79DC2B3EB7F0}" = CCC Help Russian
"{DA05AADA-6407-9E45-7843-45F7393F7A15}" = CCC Help Italian
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6041920-6D08-2466-E672-A15B040B5004}" = CCC Help English
"{E8EE10CF-31E4-CA63-BD94-B0157BBB2444}" = CCC Help Chinese Traditional
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EDD14387-FE5E-48A3-6B2B-E61DD88FC69E}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8070C51-4B1D-430C-8BCF-19696368366F}" = HP Software Framework
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.4" = ESN Sonar
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 105600" = Terraria
"Steam App 17460" = Mass Effect
"Steam App 47410" = Stronghold Kingdoms
"Steam App 99900" = Spiral Knights
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"WT089504" = Final Drive Nitro

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2809527400-1373152726-3069288008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-DC Universe Online Live" = DC Universe Online Live

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/21/2012 3:10:11 PM | Computer Name = William-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 6/21/2012 3:10:11 PM | Computer Name = William-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 6/21/2012 3:10:11 PM | Computer Name = William-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 6/21/2012 3:10:11 PM | Computer Name = William-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 6/21/2012 3:10:11 PM | Computer Name = William-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 6/21/2012 3:10:11 PM | Computer Name = William-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 6/21/2012 3:10:11 PM | Computer Name = William-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 6/21/2012 3:10:11 PM | Computer Name = William-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 6/21/2012 3:10:11 PM | Computer Name = William-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 6/21/2012 3:10:11 PM | Computer Name = William-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

[ Hewlett-Packard Events ]
Error - 12/2/2011 11:24:28 PM | Computer Name = William-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121103022424.xml
File not created by asset agent

Error - 5/12/2012 12:53:28 AM | Computer Name = William-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051212025319.xml
File not created by asset agent

Error - 5/19/2012 12:16:45 AM | Computer Name = William-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051219021642.xml
File not created by asset agent

[ HP Connection Manager Events ]
Error - 6/14/2012 3:16:58 PM | Computer Name = William-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/15 05:16:58.706|00001384|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/14/2012 3:17:06 PM | Computer Name = William-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/15 05:17:06.680|00001384|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/18/2012 1:05:25 PM | Computer Name = William-HP | Source = hpMobile | ID = 5
Description = 2012/06/19 03:05:24.995|000002BC|Error |[HP.Mobile]Wlan::a{void()}|The
data is invalid. (Exception from HRESULT: 0x8007000D)

Error - 6/21/2012 3:10:18 PM | Computer Name = William-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/22 05:10:18.682|000019CC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/21/2012 4:17:01 PM | Computer Name = William-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/22 06:17:01.316|00001228|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/22/2012 1:56:39 AM | Computer Name = William-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/22 15:56:39.644|00001524|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/22/2012 6:54:08 PM | Computer Name = William-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/23 08:54:08.848|0000103C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/22/2012 6:55:08 PM | Computer Name = William-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/23 08:55:08.851|0000103C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/22/2012 6:56:08 PM | Computer Name = William-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/23 08:56:08.849|0000103C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/22/2012 6:57:00 PM | Computer Name = William-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/23 08:57:00.403|0000103C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ System Events ]
Error - 6/24/2012 7:15:21 PM | Computer Name = William-HP | Source = Service Control Manager | ID = 7000
Description = The sbwtis service failed to start due to the following error: %%1753

Error - 6/24/2012 7:15:21 PM | Computer Name = William-HP | Source = Service Control Manager | ID = 7000
Description = The sbwtis service failed to start due to the following error: %%1753

Error - 6/24/2012 7:16:57 PM | Computer Name = William-HP | Source = Service Control Manager | ID = 7000
Description = The sbwtis service failed to start due to the following error: %%1753

Error - 6/24/2012 7:20:10 PM | Computer Name = William-HP | Source = Service Control Manager | ID = 7034
Description = The Bluetooth OBEX Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/24/2012 7:20:10 PM | Computer Name = William-HP | Source = Service Control Manager | ID = 7034
Description = The Bluetooth Media Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/24/2012 7:27:03 PM | Computer Name = William-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 6/24/2012 7:30:23 PM | Computer Name = William-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/24/2012 7:33:12 PM | Computer Name = William-HP | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 6/24/2012 7:34:36 PM | Computer Name = William-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/24/2012 7:35:44 PM | Computer Name = William-HP | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2809527400-1373152726-3069288008-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    [2012/06/23 12:12:07 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==========================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2809527400-1373152726-3069288008-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2809527400-1373152726-3069288008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2809527400-1373152726-3069288008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2809527400-1373152726-3069288008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2809527400-1373152726-3069288008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
C:\Windows\SysNative\drivers\etc\hosts.bak moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 77754841 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1338 bytes

User: Public
->Temp folder emptied: 0 bytes

User: William
->Temp folder emptied: 16361 bytes
->Temporary Internet Files folder emptied: 38549543 bytes
->Java cache emptied: 65104 bytes
->Google Chrome cache emptied: 13178019 bytes
->Flash cache emptied: 4363 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4780 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 108868509 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 227.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kim
->Java cache emptied: 0 bytes

User: Public

User: William
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kim
->Flash cache emptied: 0 bytes

User: Public

User: William
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06262012_004311
Files\Folders moved on Reboot...
C:\Users\William\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\William\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Ad-Aware Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java(TM) 6 Update 29
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Ad-Aware Antivirus AdAwareService.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 24-06-2012 01
Ran by William (administrator) on 26-06-2012 at 00:54:33
Running from "C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q9H346X"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
You're running two AV programs:
Ad-Aware Antivirus
Microsoft Security Essentials
You must uninstall one of them.
I suggest Ad-aware goes.

================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

============================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: William
->Temp folder emptied: 127200 bytes
->Temporary Internet Files folder emptied: 177938429 bytes
->Java cache emptied: 2027 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 877 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26554 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 170.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kim
->Flash cache emptied: 0 bytes

User: Public

User: William
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kim
->Java cache emptied: 0 bytes

User: Public

User: William
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06262012_113029
Files\Folders moved on Reboot...
C:\Users\William\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVZB5FNQ\adoapn_AppNexusDemoActionTag_1[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVZB5FNQ\ADSAdClient31[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVZB5FNQ\direct;auc.4598824955413493252;ai.242695295.265462829;wi.234;hi.60;cp.0[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVZB5FNQ\page-2[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVZB5FNQ\tt[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K93VAMO6\bizo_multi[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K93VAMO6\partner[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7R5K880\partner[2].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2549701L\ADSAdClient31[1].htm moved successfully.
PendingFileRenameOperations files...
File C:\Users\William\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVZB5FNQ\adoapn_AppNexusDemoActionTag_1[1].htm not found!
File C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVZB5FNQ\ADSAdClient31[1].htm not found!
File C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVZB5FNQ\direct;auc.4598824955413493252;ai.242695295.265462829;wi.234;hi.60;cp.0[1].htm not found!
File C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVZB5FNQ\page-2[1].htm not found!
File C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVZB5FNQ\tt[1].htm not found!
File C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K93VAMO6\bizo_multi[1].htm not found!
File C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K93VAMO6\partner[1].htm not found!
File C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7R5K880\partner[2].htm not found!
File C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2549701L\ADSAdClient31[1].htm not found!
Registry entries deleted on Reboot...
 
Hi Broni, I finished cleaning with OTL, but every time I reboot to Windows, I get this error message:
"Microsoft Security Client
An error has occured in the program. Try to open it again. If this problem continues, you'll need to reinstall Microsoft Security Client.
Error code: 0x80070002"

Also I am trying to do Windows Updates, but it fails to update.
Microsoft Security Essentials Client Update Package - KB2691905
 